From 10ab948988282129ae0c33ddaca17d8c9ff87762 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 4 Nov 2025 17:12:48 +0100 Subject: [PATCH 01/33] chore: move persistent-mount under bob --- .../mkosi.skeleton/etc/systemd/system/persistent-mount.service | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {base => bob-common}/mkosi.skeleton/etc/systemd/system/persistent-mount.service (100%) diff --git a/base/mkosi.skeleton/etc/systemd/system/persistent-mount.service b/bob-common/mkosi.skeleton/etc/systemd/system/persistent-mount.service similarity index 100% rename from base/mkosi.skeleton/etc/systemd/system/persistent-mount.service rename to bob-common/mkosi.skeleton/etc/systemd/system/persistent-mount.service From 4a1202dc064ed7e9e83030cd070654218f534af0 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 4 Nov 2025 17:16:31 +0100 Subject: [PATCH 02/33] chore: tidy up gitignore --- .gitignore | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 483e4b6..34c4139 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,21 @@ +# mkosi artifacts + build/ -mkosi/ env.json -mkosi.packages/ -mkosi.cache/ mkosi.builddir/ -*.qcow2 -.claudesync/ -.claudeignore +mkosi.cache/ +mkosi.packages/ +mkosi/ + +# temporary files + +.temp tmp/ + +# IDEs/agents/whatnot + +.claudeignore +.claudesync/ +.vscode +*.qcow2 NvVars From 447a82301cd26b0eb41191d0287e27d68a767da0 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Wed, 5 Nov 2025 08:56:34 +0100 Subject: [PATCH 03/33] fix: specify the package during rust builds --- scripts/build_rust_package.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/build_rust_package.sh b/scripts/build_rust_package.sh index 58f313f..eaa2858 100755 --- a/scripts/build_rust_package.sh +++ b/scripts/build_rust_package.sh @@ -50,10 +50,10 @@ build_rust_package() { CARGO_TERM_COLOR='never' cd '/build/$package' cargo fetch - cargo build --release --frozen ${extra_features:+--features $extra_features} + cargo build --release --frozen ${extra_features:+--features $extra_features} --package $package " # Cache and install the built binary install -m 755 "$build_dir/target/release/$package" "$cached_binary" install -m 755 "$cached_binary" "$dest_path" -} \ No newline at end of file +} From 145218b2f3b6a12c14bd437b13cc2de71a392e83 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 12:19:50 +0100 Subject: [PATCH 04/33] feat: implement blanket gcp image build --- base/mkosi.skeleton/etc/sysconfig/.gitkeep | 0 l2/kernel.config | 3 + l2/mkosi.build | 66 +++++++++++++++++++ l2/mkosi.conf | 24 +++++++ .../etc/default/prometheus-node-exporter | 7 ++ .../etc/default/prometheus-process-exporter | 6 ++ l2/mkosi.extra/etc/flashbots/l2.yaml | 6 ++ .../etc/google-cloud-ops-agent/config.yaml | 18 +++++ .../prometheus-process-exporter/config.yaml | 4 ++ .../etc/systemd/system/automount-data.service | 16 +++++ .../systemd/system/ptlb-routes-nanny.service | 15 +++++ .../systemd/system/ptlb-routes-nanny.timer | 9 +++ .../systemd-networkd.service.d/override.conf | 3 + .../etc/systemd/system/vault-agent.service | 33 ++++++++++ .../gomplate/authorized_keys.ctmpl | 8 +++ .../vault-agent/gomplate/authorized_keys.hcl | 13 ++++ .../etc/vault-agent/gomplate/config.hcl | 20 ++++++ l2/mkosi.extra/usr/bin/automount-data.sh | 26 ++++++++ l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh | 57 ++++++++++++++++ l2/mkosi.postinst | 33 ++++++++++ mkosi.profiles/devtools/mkosi.conf | 7 ++ mkosi.profiles/devtools/mkosi.postinst | 31 ++++++++- mkosi.profiles/gcp/mkosi.conf | 8 ++- .../gcp/mkosi.extra/etc/chrony}/chrony.conf | 0 .../gcp/mkosi.extra/etc/logrotate.d/rsyslog | 13 ++++ .../etc/rsyslog.d/01-json-template.conf | 40 +++++++++++ .../gcp/mkosi.extra/etc/systemd/journald.conf | 50 ++++++++++++++ .../system/logrotate.timer.d/override.conf | 3 + .../etc/systemd/system/set-hostname.service | 14 ++++ .../gcp/mkosi.extra/usr/bin/set-hostname.sh | 16 +++++ mkosi.profiles/gcp/mkosi.postinst | 39 +++++++++++ 31 files changed, 586 insertions(+), 2 deletions(-) create mode 100644 base/mkosi.skeleton/etc/sysconfig/.gitkeep create mode 100644 l2/kernel.config create mode 100755 l2/mkosi.build create mode 100644 l2/mkosi.conf create mode 100644 l2/mkosi.extra/etc/default/prometheus-node-exporter create mode 100644 l2/mkosi.extra/etc/default/prometheus-process-exporter create mode 100644 l2/mkosi.extra/etc/flashbots/l2.yaml create mode 100644 l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml create mode 100644 l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml create mode 100644 l2/mkosi.extra/etc/systemd/system/automount-data.service create mode 100644 l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service create mode 100644 l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer create mode 100644 l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf create mode 100644 l2/mkosi.extra/etc/systemd/system/vault-agent.service create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl create mode 100755 l2/mkosi.extra/usr/bin/automount-data.sh create mode 100644 l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh create mode 100755 l2/mkosi.postinst rename {services => mkosi.profiles/gcp/mkosi.extra/etc/chrony}/chrony.conf (100%) create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service create mode 100755 mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh create mode 100755 mkosi.profiles/gcp/mkosi.postinst diff --git a/base/mkosi.skeleton/etc/sysconfig/.gitkeep b/base/mkosi.skeleton/etc/sysconfig/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/l2/kernel.config b/l2/kernel.config new file mode 100644 index 0000000..556a833 --- /dev/null +++ b/l2/kernel.config @@ -0,0 +1,3 @@ +CONFIG_NET_VENDOR_GOOGLE=y +CONFIG_GVE=y +CONFIG_XFS_FS=y diff --git a/l2/mkosi.build b/l2/mkosi.build new file mode 100755 index 0000000..ba4022f --- /dev/null +++ b/l2/mkosi.build @@ -0,0 +1,66 @@ +#!/bin/bash + +set -euxo pipefail + +ENV_YAML="$SRCDIR/l2/mkosi.extra/etc/flashbots/l2.yaml" + +VAULT_VERSION=$(mkosi-chroot yq -r .vault.version < "$ENV_YAML") +GOMPLATE_VERSION=$(mkosi-chroot yq -r .deps.gomplate_version < "$ENV_YAML") +OPS_AGENT_VERSION=$(mkosi-chroot yq -r .deps.ops_agent_version < "$ENV_YAML") + +source scripts/make_git_package.sh + +# build gomplate +make_git_package \ + "gomplate" \ + "v${GOMPLATE_VERSION}" \ + "https://github.com/hairyhenderson/gomplate" \ + 'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/gomplate ./cmd/gomplate' \ + "build/gomplate:/usr/bin/gomplate" +chmod +x $DESTDIR/usr/bin/gomplate + +# build vault +make_git_package \ + "vault" \ + "v${VAULT_VERSION}" \ + "https://github.com/hashicorp/vault.git" \ + 'go build -trimpath -ldflags "-s -w -buildid=" -o ./bin/vault .' \ + "bin/vault:/usr/bin/vault" +chmod +x $DESTDIR/usr/bin/vault + +cd "$BUILDROOT" + +# Build Google Cloud Ops Agent +IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" +BUILD_CMD=" + # Fluentbit + export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH + export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' + git submodule update --init --depth 1 submodules/fluent-bit + ./builds/fluent_bit.sh \$(pwd)/out + + # Main gcs agent binaries + mkdir -p out/libexec + LDFLAGS='-s -w -buildid=' + go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ + -X $IMPORT_PATH/internal/version.BuildDistro=debian13 \\ + -X $IMPORT_PATH/internal/version.Version=$OPS_AGENT_VERSION\" \\ + -o out/libexec/google_cloud_ops_agent_engine \\ + $IMPORT_PATH/cmd/google_cloud_ops_agent_engine + + go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS\" \\ + -o out/libexec/google_cloud_ops_agent_wrapper \\ + $IMPORT_PATH/cmd/agent_wrapper +" + +make_git_package \ + "google-cloud-ops-agent" \ + "$OPS_AGENT_VERSION" \ + "https://github.com/GoogleCloudPlatform/ops-agent" \ + "$BUILD_CMD" \ + "out/libexec:/opt/google-cloud-ops-agent/libexec" \ + "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ + "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ + "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" + +sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf new file mode 100644 index 0000000..1b42627 --- /dev/null +++ b/l2/mkosi.conf @@ -0,0 +1,24 @@ +[Include] +Include=base/mkosi.conf + +[Config] +Profiles=gcp + +[Build] +Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config,l2/kernel.config +WithNetwork=true + +[Content] +BuildScripts=l2/mkosi.build +ExtraTrees=l2/mkosi.extra +PostInstallationScripts=l2/mkosi.postinst + +Packages=prometheus-node-exporter + prometheus-process-exporter + usrmerge + xfsprogs + +BuildPackages=golang + libssl-dev + unzip + yq diff --git a/l2/mkosi.extra/etc/default/prometheus-node-exporter b/l2/mkosi.extra/etc/default/prometheus-node-exporter new file mode 100644 index 0000000..93dea25 --- /dev/null +++ b/l2/mkosi.extra/etc/default/prometheus-node-exporter @@ -0,0 +1,7 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +--collector.systemd \ +--collector.systemd.unit-include=\".*(prometheus-node-exporter|prometheus-process-exporter|vault-agent).*\" \ +--log.format=json \ +--web.listen-address=0.0.0.0:9100 \ +" diff --git a/l2/mkosi.extra/etc/default/prometheus-process-exporter b/l2/mkosi.extra/etc/default/prometheus-process-exporter new file mode 100644 index 0000000..71b8d97 --- /dev/null +++ b/l2/mkosi.extra/etc/default/prometheus-process-exporter @@ -0,0 +1,6 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +-config.path=/etc/prometheus-process-exporter/config.yaml \ +-threads=false \ +-web.listen-address=0.0.0.0:9256 \ +" diff --git a/l2/mkosi.extra/etc/flashbots/l2.yaml b/l2/mkosi.extra/etc/flashbots/l2.yaml new file mode 100644 index 0000000..7e01f1d --- /dev/null +++ b/l2/mkosi.extra/etc/flashbots/l2.yaml @@ -0,0 +1,6 @@ +vault: + version: 1.20.1 + +deps: + gomplate_version: 4.3.0 + ops_agent_version: 2.57.0 diff --git a/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml b/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml new file mode 100644 index 0000000..2c740cf --- /dev/null +++ b/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml @@ -0,0 +1,18 @@ +logging: + receivers: + syslog: + type: files + include_paths: + - /var/log/messages + - /var/log/syslog + processors: + parse_json: + type: parse_json + field: message + time_key: "@timestamp" + time_format: "%Y-%m-%dT%H:%M:%S.%L%z" + service: + pipelines: + default_pipeline: + receivers: [syslog] + processors: [parse_json] diff --git a/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml b/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml new file mode 100644 index 0000000..2941f04 --- /dev/null +++ b/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml @@ -0,0 +1,4 @@ +process_names: + - name: vault-agent + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*vault[-.0-9a-zA-Z]* ' diff --git a/l2/mkosi.extra/etc/systemd/system/automount-data.service b/l2/mkosi.extra/etc/systemd/system/automount-data.service new file mode 100644 index 0000000..bf2887f --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/automount-data.service @@ -0,0 +1,16 @@ +[Unit] +Description=Automatically mount data volume + +[Service] +Type=oneshot +SyslogIdentifier=automount-data +User=root +Group=root + +RemainAfterExit=yes + +EnvironmentFile=-/etc/sysconfig/automount-data.env +ExecStart=/usr/bin/automount-data.sh + +[Install] +WantedBy=default.target diff --git a/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service new file mode 100644 index 0000000..cab73ee --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service @@ -0,0 +1,15 @@ +[Unit] +Description=Ensure presence of local routes required for passthrough load-balancer +After=network-online.target +Wants=network-online.target +StartLimitIntervalSec=2 +StartLimitBurst=2 + +[Service] +User=root +Group=root +Type=oneshot +ExecStart=/usr/bin/ptlb-routes-nanny.sh + +[Install] +WantedBy=multi-user.target diff --git a/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer new file mode 100644 index 0000000..fe1cb6e --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Ensure presence of local routes required for passthrough load-balancer + +[Timer] +OnCalendar=*-*-* *:*:5 +Unit=ptlb-routes-nanny.service + +[Install] +WantedBy=multi-user.target diff --git a/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf b/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf new file mode 100644 index 0000000..937d2fc --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +Environment=SYSTEMD_LOG_LEVEL=debug +Environment=SYSTEMD_LOG_LOCATION=1 diff --git a/l2/mkosi.extra/etc/systemd/system/vault-agent.service b/l2/mkosi.extra/etc/systemd/system/vault-agent.service new file mode 100644 index 0000000..96f2784 --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/vault-agent.service @@ -0,0 +1,33 @@ +[Unit] +Description=HashiCorp Vault Agent +After=network.target network-setup.service +Requires=automount-data.service +Wants=network-setup.service + +[Service] +Type=simple +SyslogIdentifier=vault-agent +User=root +Group=root + +KillMode=process +KillSignal=SIGINT +NoNewPrivileges=yes +Restart=on-failure +RestartSec=5s +TimeoutStopSec=30 + +ExecStartPre=/usr/bin/gomplate \ + --left-delim "[[" \ + --right-delim "]]" \ + --input-dir "/etc/vault-agent/gomplate" \ + --output-dir "/etc/vault-agent" \ + --include "*.hcl,*.ctmpl" + +ExecStart=/usr/bin/vault agent \ + -config /etc/vault-agent \ + -log-level info \ + -log-format json + +[Install] +WantedBy=default.target diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl new file mode 100644 index 0000000..05107cb --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl @@ -0,0 +1,8 @@ +# +# rendered by vault-agent/gomplate +# +[[- range ( ( gcp.Meta "attributes/ssh-keys" ) | strings.Split "\n" ) ]] +[[- if strings.HasPrefix "ubuntu:" . ]] +[[ strings.TrimPrefix "ubuntu:" . ]] +[[- end ]] +[[- end ]] diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl new file mode 100644 index 0000000..9e313f8 --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl @@ -0,0 +1,13 @@ +[[- if ( file.Exists "/home/ubuntu/.ssh/authorized_keys" ) ]] +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/authorized_keys.ctmpl" + destination = "/home/ubuntu/.ssh/authorized_keys" + + user = "ubuntu" + group = "ubuntu" + perms = "0600" +} +[[- end ]] diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl new file mode 100644 index 0000000..5fe9779 --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl @@ -0,0 +1,20 @@ +pid_file = "/var/run/vault-agent.pid" + +vault { + address = "[[ gcp.Meta "attributes/vault_addr" ]]" + + retry { + num_retries = 5 + } +} + +auto_auth { + method "gcp" { + mount_path = "[[ gcp.Meta "vault_auth_mount_gcp" ]]" + + config = { + type = "gce" + role = "[[ gcp.Meta "name" ]]" + } + } +} diff --git a/l2/mkosi.extra/usr/bin/automount-data.sh b/l2/mkosi.extra/usr/bin/automount-data.sh new file mode 100755 index 0000000..07f6cca --- /dev/null +++ b/l2/mkosi.extra/usr/bin/automount-data.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +set -eu + +udevadm trigger --subsystem-match=block +udevadm settle --timeout=30 + +if [ -e /dev/disk/by-id/google-data ]; then + device=$( realpath /dev/disk/by-id/google-data ) + if ! grep -qs "${device}" /proc/mounts; then + eval $( blkid --output export ${device} ) + if [ -z "${TYPE:-}" ]; then + mkfs.ext4 -m 0 ${device} + eval $( blkid --output export ${device} ) + fi + echo "UUID=${UUID} ${MOUNT:-/var/opt/peristent} ${TYPE} defaults 0 0" >> /etc/fstab + mkdir -p ${MOUNT:-/var/opt/peristent} + chmod 0777 ${MOUNT:-/var/opt/peristent} + systemctl daemon-reload + mount --all + else + echo "Device ${device} is already mounted, skipping..." + fi +else + echo "Directory /dev/disk/by-id/google-data doesn't exist, skipping..." +fi diff --git a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh new file mode 100644 index 0000000..80f38f9 --- /dev/null +++ b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +set -eu + +is_ip4() { + echo "$1" | awk -F. ' + $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && + $1 >= 0 && $2 >= 0 && $3 >= 0 && $4 >= 0 && + $1 != "" && $2 != "" && $3 != "" && $4 != "" && + NF == 4 + { exit 0 } + { exit 1 } + ' +} + +for line in "$( + ip -br link show | grep -v lo +)"; do + interface="${line%% *}" + + for idx in $( + curl \ + --header "metadata-flavor: Google" \ + --max-time 1 \ + --show-error \ + --silent \ + http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/ + ); do + ip=$( + curl \ + --header "metadata-flavor: Google" \ + --max-time 1 \ + --show-error \ + --silent \ + http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/${idx} + ) + + if is_ip4 "${ip}"; then + route="local ${ip} dev ${interface} proto 66 scope host" + + if ! ip route show table local | grep -q "${route}"; then + echo "---" + echo "$ ip route show table local" + ip route show table local + echo "---" + echo "Route is missing, adding..." + echo "---" + echo "$ ip route add ${route}" + ip route add ${route} + echo "---" + echo "$ ip route show table local" + ip route show table local + echo "---" + fi + fi + done +done diff --git a/l2/mkosi.postinst b/l2/mkosi.postinst new file mode 100755 index 0000000..8b2b36e --- /dev/null +++ b/l2/mkosi.postinst @@ -0,0 +1,33 @@ +#!/bin/bash + +set -euxo pipefail + +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true + +for service in \ + automount-data.service \ + google-cloud-ops-agent-fluent-bit.service \ + google-cloud-ops-agent.service \ + prometheus-node-exporter.service \ + prometheus-process-exporter.service \ + ptlb-routes-nanny.timer \ + vault-agent.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + +# Remove automatically generated vault cert + +rm -rf "$BUILDROOT/opt/vault/tls" + +# Fix permissions + +mkosi-chroot mkdir -p /vault/secrets +mkosi-chroot chmod 0770 /vault/secrets + +mkosi-chroot chmod 0750 /etc/vault-agent +mkosi-chroot chmod 0750 /etc/vault-agent/gomplate +mkosi-chroot sh -c "chmod 0640 /etc/vault-agent/gomplate/*" diff --git a/mkosi.profiles/devtools/mkosi.conf b/mkosi.profiles/devtools/mkosi.conf index c720603..f012ea7 100644 --- a/mkosi.profiles/devtools/mkosi.conf +++ b/mkosi.profiles/devtools/mkosi.conf @@ -6,12 +6,19 @@ Packages=adjtimex bash-completion curl dnsutils + iftop + iotop iputils-ping + jq net-tools netcat-openbsd openssh-server + screen socat strace + sudo tcpdump tcpflow vim + wget + zstd diff --git a/mkosi.profiles/devtools/mkosi.postinst b/mkosi.profiles/devtools/mkosi.postinst index 5eca88d..76880e4 100755 --- a/mkosi.profiles/devtools/mkosi.postinst +++ b/mkosi.profiles/devtools/mkosi.postinst @@ -1,6 +1,17 @@ #!/bin/bash + set -euxo pipefail +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true +for service in \ + serial-console.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + # Deterministically set root password PASSWORD="dqSPjo4p" HASH=$(mkosi-chroot openssl passwd -6 -salt salt "$PASSWORD") @@ -11,8 +22,26 @@ if [ -f "$BUILDROOT/etc/default/dropbear" ]; then # Remove -s, -w, -g flags from dropbear args sed -i '/^DROPBEAR_EXTRA_ARGS=/s/-[swg] \?//g' "$BUILDROOT/etc/default/dropbear" else - echo "PermitRootLogin yes" >> "$BUILDROOT/etc/ssh/sshd_config" + echo "PermitRootLogin yes" >> "$BUILDROOT/etc/ssh/sshd_config" echo "PasswordAuthentication yes" >> "$BUILDROOT/etc/ssh/sshd_config" mkosi-chroot systemctl enable ssh.service mkosi-chroot systemctl unmask ssh.service ssh.socket fi + +# Create users and groups +mkosi-chroot groupadd -g 1000 ubuntu || true +mkosi-chroot useradd -u 1000 -g ubuntu -m -s /bin/bash ubuntu || true + +cat < "$BUILDROOT/etc/sudoers.d/ubuntu" +# user "ubuntu" b/c all our current scripts assume "ubuntu" exists +ubuntu ALL=(ALL) NOPASSWD:ALL +EOF +mkosi-chroot chmod 0440 /etc/sudoers.d/ubuntu + +mkosi-chroot mkdir -p /home/ubuntu/.ssh +mkosi-chroot chmod 0750 /home/ubuntu/.ssh +mkosi-chroot chown ubuntu:ubuntu /home/ubuntu/.ssh + +mkosi-chroot touch /home/ubuntu/.ssh/authorized_keys +mkosi-chroot chmod 0600 /home/ubuntu/.ssh/authorized_keys +mkosi-chroot chown ubuntu:ubuntu /home/ubuntu/.ssh/authorized_keys diff --git a/mkosi.profiles/gcp/mkosi.conf b/mkosi.profiles/gcp/mkosi.conf index c1ab042..344c421 100644 --- a/mkosi.profiles/gcp/mkosi.conf +++ b/mkosi.profiles/gcp/mkosi.conf @@ -1,4 +1,10 @@ [Content] ExtraTrees=mkosi.extra -Packages=udev +Packages=chrony + dbus + logrotate + nvme-cli + rsyslog + udev + xxd diff --git a/services/chrony.conf b/mkosi.profiles/gcp/mkosi.extra/etc/chrony/chrony.conf similarity index 100% rename from services/chrony.conf rename to mkosi.profiles/gcp/mkosi.extra/etc/chrony/chrony.conf diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog b/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog new file mode 100644 index 0000000..16d7e1e --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog @@ -0,0 +1,13 @@ +/var/log/syslog { + hourly + rotate 2 + notifempty + create + nocompress + missingok + size 128M + sharedscripts + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf b/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf new file mode 100644 index 0000000..c3e9362 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf @@ -0,0 +1,40 @@ +# This template formats an event's metadata as JSON while leaving the event's message as-is (expects already JSON) +# The position.from addresses this known behavior https://www.rsyslog.com/log-normalization-and-the-leading-space/ +template(name="json-event-json-msg" + type="list") { + constant(value="{") + constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339") + constant(value="\",\"sysloghost\":\"") property(name="hostname") + constant(value="\",\"procid\":\"") property(name="procid") + constant(value="\",\"facility\":\"") property(name="syslogfacility-text") + constant(value="\",\"severity\":\"") property(name="syslogseverity-text") + constant(value="\",\"source\":\"") property(name="programname") + constant(value="\",\"message\":") property(name="msg" position.from="2") + constant(value="}\n") +} + +# This template formats an event's metadata and message as JSON (expects message is string) +# The position.from addresses this known behavior https://www.rsyslog.com/log-normalization-and-the-leading-space/ +template(name="json-event-string-msg" + type="list") { + constant(value="{") + constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339") + constant(value="\",\"sysloghost\":\"") property(name="hostname") + constant(value="\",\"procid\":\"") property(name="procid") + constant(value="\",\"facility\":\"") property(name="syslogfacility-text") + constant(value="\",\"severity\":\"") property(name="syslogseverity-text") + constant(value="\",\"source\":\"") property(name="programname") + constant(value="\",\"message\":\"") property(name="msg" format="json" position.from="2") + constant(value="\"}\n") +} + +# This conditional action determines which template to use based on the beginning of the event's message value +# Assumes that if a message starts with {, then that message is JSON +# This follows the pattern found in /etc/rsyslog.d/50-default.conf +if ($msg startswith " {") then { + *.*;auth,authpriv.none -/var/log/syslog;json-event-json-msg + & stop +} else { + *.*;auth,authpriv.none -/var/log/syslog;json-event-string-msg + & stop +} diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf new file mode 100644 index 0000000..1000e11 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf @@ -0,0 +1,50 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# Entries in this file show the compile time defaults. Local configuration +# should be created by either modifying this file (or a copy of it placed in +# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in +# the /etc/systemd/journald.conf.d/ directory. The latter is generally +# recommended. Defaults can be restored by simply deleting the main +# configuration file and all drop-ins located in /etc/. +# +# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=auto +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitIntervalSec=30s +#RateLimitBurst=10000 +#SystemMaxUse= +#SystemKeepFree= +SystemMaxFileSize=128M +SystemMaxFiles=2 +#RuntimeMaxUse=64K +#RuntimeKeepFree= +RuntimeMaxFileSize=512K +RuntimeMaxFiles=2 +#MaxRetentionSec=0 +#MaxFileSec=1month +#ForwardToSyslog=no +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg +#MaxLevelSocket=debug +#LineMax=48K +#ReadKMsg=yes +#Audit=yes diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf new file mode 100644 index 0000000..67bfdb7 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf @@ -0,0 +1,3 @@ +[Timer] +OnCalendar=*-*-* *:0/5:42 +RandomizedDelaySec=15 diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service new file mode 100644 index 0000000..209cd01 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service @@ -0,0 +1,14 @@ +[Unit] +Description=Set hostname +ConditionFirstBoot=yes +After=network.target network-setup.service +Wants=network-setup.service + +[Service] +User=root +Group=root +Type=oneshot +ExecStart=/usr/bin/set-hostname.sh + +[Install] +WantedBy=default.target diff --git a/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh new file mode 100755 index 0000000..697dd41 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +while true; do + if hostname=$( + curl --header "Metadata-Flavor: Google" --silent --show-error \ + http://169.254.169.254/computeMetadata/v1/instance/name + ); then + echo "Setting up hostname to '${hostname}'..." + hostname ${hostname} + echo 127.0.0.1 "${hostname}" >> /etc/hosts + systemctl restart rsyslog + exit 0 + fi + + sleep 1 +done diff --git a/mkosi.profiles/gcp/mkosi.postinst b/mkosi.profiles/gcp/mkosi.postinst new file mode 100755 index 0000000..067a5f8 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.postinst @@ -0,0 +1,39 @@ +#!/bin/bash + +set -euxo pipefail + +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true +for service in \ + rsyslog.service \ + sys-kernel-config.mount \ + syslog.socket +do + mkosi-chroot systemctl unmask "$service" + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done +for service in \ + chrony.service \ + logrotate.timer \ + ptlb-routes-nanny.timer \ + rsyslog.service \ + set-hostname.service \ + vault-agent.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + +if [ -f /etc/rsyslog.d/50-default.conf ]; then + sed -i 's/^.*\/var\/log\/syslog.*$/# &/' /etc/rsyslog.d/50-default.conf +fi + +# Limit root filesystem size to 4GB + +mkosi-chroot sed -i '1a mount -o remount,size=4G /' /init + +# Remove automatically generated nvme data + +rm -rf "$BUILDROOT/etc/nvme/hostid" "$BUILDROOT/etc/nvme/hostnqn" From c8dc66ea3f0391157af6b86193d365862440bfca Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 12:53:58 +0100 Subject: [PATCH 05/33] fix: measurement output --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5154bc6..215b6d7 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ measure-gcp: ## Export TDX measurements for GCP echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ exit 1; \ fi - @$(WRAPPER) dstack-mr -uki build/tdx-debian.efi -json > build/gcp_measurements.json + @$(WRAPPER) bash -c "dstack-mr -uki build/tdx-debian.efi -json > build/gcp_measurements.json" echo "GCP Measurements exported to build/gcp_measurements.json" # Clean build artifacts From 323947cf1a0bfb115e687d9b13a53c94f30c8e74 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 13:33:15 +0100 Subject: [PATCH 06/33] feat: use available resources + 2.0 readiness --- scripts/env_wrapper.sh | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/scripts/env_wrapper.sh b/scripts/env_wrapper.sh index bafd74c..e50ec45 100755 --- a/scripts/env_wrapper.sh +++ b/scripts/env_wrapper.sh @@ -8,7 +8,7 @@ should_use_lima() { # Use Lima by default for now true || # Use Lima on macOS or if FORCE_LIMA is set - [[ "$OSTYPE" == "darwin"* ]] || [ -n "${FORCE_LIMA:-}" ] || + [[ "$OSTYPE" == "darwin"* ]] || [ -n "${FORCE_LIMA:-}" ] || # Use Lima if it's available but Nix is not (command -v limactl &>/dev/null && ! command -v nix &>/dev/null) } @@ -22,29 +22,42 @@ setup_lima() { exit 1 fi + LIMA_CPUS="${LIMA_CPUS:-$( nproc )}" + LIMA_MEMORY="${LIMA_MEMORY:-$( free -g | awk '/^Mem:/ {print $2-2 }' )}" + # Create VM if it doesn't exist if ! limactl list "$LIMA_VM" > /dev/null 2>&1; then declare -a args=() - if [ -n "${LIMA_CPUS:-}" ]; then - args+=("--cpus" "$LIMA_CPUS") - fi - if [ -n "${LIMA_MEMORY:-}" ]; then - args+=("--memory" "$LIMA_MEMORY") - fi + args+=("--cpus" "$LIMA_CPUS") + args+=("--memory" "$LIMA_MEMORY") if [ -n "${LIMA_DISK:-}" ]; then args+=("--disk" "$LIMA_DISK") fi echo -e "Creating $LIMA_VM VM..." # Portable way to expand array on bash 3 & 4 - limactl create -y --name "$LIMA_VM" ${args[@]+"${args[@]}"} lima.yaml + limactl create --yes \ + --name "$LIMA_VM" \ + --set ".mounts=[{\"location\":\"$( pwd )\",\"mountPoint\":\"/home/debian/mnt\",\"writable\":true}]" \ + ${args[@]+"${args[@]}"} \ + lima.yaml fi # Start VM if not running status=$(limactl list "$LIMA_VM" --format "{{.Status}}") if [ "$status" != "Running" ]; then + declare -a args=() + args+=("--cpus" "$LIMA_CPUS") + args+=("--memory" "$LIMA_MEMORY") + if [ -n "${LIMA_DISK:-}" ]; then + args+=("--disk" "$LIMA_DISK") + fi + echo -e "Starting $LIMA_VM VM..." - limactl start -y "$LIMA_VM" + limactl start --yes \ + --timeout 30m \ + ${args[@]+"${args[@]}"} \ + "$LIMA_VM" rm -f NvVars # Remove stray file created by QEMU fi @@ -76,7 +89,7 @@ is_mkosi_cmd() { } if is_mkosi_cmd && [ -n "${MKOSI_EXTRA_ARGS:-}" ]; then - # TODO: these args will be overriden by default cache/out dir in Lima + # TODO: these args will be overridden by default cache/out dir in Lima # Not a big deal, but might worth fixing cmd+=($MKOSI_EXTRA_ARGS) fi From ed22ad0be86b79c833161d21c05e983a4f145bb3 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 13:52:27 +0100 Subject: [PATCH 07/33] feat: add preflight command --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 215b6d7..2176715 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,9 @@ check-perms: ## Check repository permissions setup: ## Install dependencies (Linux only) @scripts/setup_deps.sh +preflight: + @$(WRAPPER) echo "Ready to build" + # Build module build: check-perms setup ## Build the specified module $(WRAPPER) mkosi --force -I $(IMAGE).conf From 7e48660adac977c06b5a77c732faef99c48bb001 Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Fri, 7 Nov 2025 17:34:17 +0000 Subject: [PATCH 08/33] use fixed time in kernel build --- kernel/mkosi.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/mkosi.build b/kernel/mkosi.build index 76875d9..808485b 100755 --- a/kernel/mkosi.build +++ b/kernel/mkosi.build @@ -37,7 +37,7 @@ else # Build kernel cd "$build_dir" cp "$config_file" .config - export KBUILD_BUILD_TIMESTAMP="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%s)})" + export KBUILD_BUILD_TIMESTAMP="$(date -u -d @$(git log -1 --pretty=%ct))" export KBUILD_BUILD_USER="mkosi" KBUILD_BUILD_HOST="mkosi-builder" mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make olddefconfig From c41a2cd64cf19fbf59d68da5d74af6814b9a6fcd Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 00:05:16 +0100 Subject: [PATCH 09/33] fix: "normalise" yocto kernel --- kernel/kernel-yocto.config | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/kernel/kernel-yocto.config b/kernel/kernel-yocto.config index 67deb8c..8bb6190 100644 --- a/kernel/kernel-yocto.config +++ b/kernel/kernel-yocto.config @@ -2,7 +2,7 @@ # Automatically generated file; DO NOT EDIT. # Linux/x86 6.6.35 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 13.3.0" +CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=130300 CONFIG_CLANG_VERSION=0 @@ -11,12 +11,14 @@ CONFIG_AS_VERSION=24200 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=24200 CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=125 +CONFIG_PAHOLE_VERSION=0 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -39,7 +41,7 @@ CONFIG_HAVE_KERNEL_LZ4=y CONFIG_HAVE_KERNEL_ZSTD=y # CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set -CONFIG_KERNEL_LZMA=y +# CONFIG_KERNEL_LZMA is not set # CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_LZO is not set # CONFIG_KERNEL_LZ4 is not set @@ -316,7 +318,6 @@ CONFIG_X86_X2APIC=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set # CONFIG_X86_CPU_RESCTRL is not set -# CONFIG_QEMUX86 is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_VSMP is not set # CONFIG_X86_GOLDFISH is not set @@ -747,7 +748,6 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y -# CONFIG_GCC_PLUGINS is not set CONFIG_FUNCTION_ALIGNMENT_4B=y CONFIG_FUNCTION_ALIGNMENT_16B=y CONFIG_FUNCTION_ALIGNMENT=16 @@ -1178,6 +1178,7 @@ CONFIG_NF_DEFRAG_IPV6=y # CONFIG_NF_CONNTRACK_BRIDGE is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set @@ -3942,10 +3943,8 @@ CONFIG_OVERLAY_FS_METACOPY=y CONFIG_FAT_FS=y # CONFIG_MSDOS_FS is not set CONFIG_VFAT_FS=y -# CONFIG_VFAT_FS_NO_DUALNAMES is not set CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES is not set # CONFIG_FAT_DEFAULT_UTF8 is not set # CONFIG_EXFAT_FS is not set # CONFIG_NTFS_FS is not set @@ -3978,7 +3977,6 @@ CONFIG_EFIVAR_FS=y CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y # CONFIG_NFS_V2 is not set -CONFIG_NFS_DEF_FILE_IO_SIZE=4096 CONFIG_NFS_V3=y # CONFIG_NFS_V3_ACL is not set CONFIG_NFS_V4=y @@ -4386,10 +4384,14 @@ CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=m CONFIG_CRC8=m +CONFIG_XXHASH=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_DECOMPRESS=y # CONFIG_XZ_DEC is not set CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_ZSTD=y CONFIG_GENERIC_ALLOCATOR=y CONFIG_INTERVAL_TREE=y CONFIG_ASSOCIATIVE_ARRAY=y @@ -4471,10 +4473,9 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y # CONFIG_DEBUG_INFO_REDUCED is not set CONFIG_DEBUG_INFO_COMPRESSED_NONE=y # CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set +# CONFIG_DEBUG_INFO_COMPRESSED_ZSTD is not set # CONFIG_DEBUG_INFO_SPLIT is not set # CONFIG_DEBUG_INFO_BTF is not set -CONFIG_PAHOLE_HAS_SPLIT_BTF=y -CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y # CONFIG_GDB_SCRIPTS is not set CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set From 865b9f8a4717d279f13853b74e9b91fb3bf12a15 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 00:06:33 +0100 Subject: [PATCH 10/33] fix: "normalise" ubuntu kernel config snippet --- kernel/snippets/ubuntu.config | 2858 ++++++++++++++++++++++++++------- 1 file changed, 2263 insertions(+), 595 deletions(-) diff --git a/kernel/snippets/ubuntu.config b/kernel/snippets/ubuntu.config index 3bbf3f4..bd2e3c6 100644 --- a/kernel/snippets/ubuntu.config +++ b/kernel/snippets/ubuntu.config @@ -1,55 +1,702 @@ +CONFIG_6LOWPAN=y +CONFIG_8139CP=y +CONFIG_8139TOO=y CONFIG_ACCESSIBILITY=y CONFIG_ACPI_AC=y CONFIG_ACPI_APEI=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BGRT=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_DEBUG=y +CONFIG_ACPI_DEBUGGER=y +CONFIG_ACPI_DOCK=y +CONFIG_ACPI_DPTF=y +CONFIG_ACPI_FAN=y +CONFIG_ACPI_FFH=y +CONFIG_ACPI_FPDT=y +CONFIG_ACPI_HED=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_ACPI_MDIO=y +CONFIG_ACPI_PCI_SLOT=y +CONFIG_ACPI_PRMT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +CONFIG_ACPI_SPCR_TABLE=y +CONFIG_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_THERMAL=y +CONFIG_ACPI_VIDEO=y +CONFIG_ACPI_WMI=y +CONFIG_ACRN_GUEST=y +CONFIG_AGP_AMD64=y +CONFIG_AGP_VIA=y +CONFIG_AIX_PARTITION=y +CONFIG_ALX=y +CONFIG_AMD_IOMMU=y +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_AMIGA_PARTITION=y +CONFIG_ANON_VMA_NAME=y +CONFIG_APPLE_PROPERTIES=y +CONFIG_ATARI_PARTITION=y +CONFIG_ATA_GENERIC=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATH5K=y +CONFIG_ATH9K=y +CONFIG_ATH9K_COMMON=y +CONFIG_ATH9K_HW=y +CONFIG_ATH_COMMON=y +CONFIG_ATL1=y +CONFIG_ATL1C=y +CONFIG_ATL1E=y +CONFIG_ATL2=y +CONFIG_AUDIT=y +CONFIG_AUXDISPLAY=y +CONFIG_AX88796B_PHY=y +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BASE_SMALL is not set +CONFIG_BATTERY_SAMSUNG_SDI=y +CONFIG_BCM84881_PHY=y +CONFIG_BCMA=y +CONFIG_BLK_CGROUP_IOPRIO=y +CONFIG_BLK_DEV_BSG=y +CONFIG_BLK_DEV_FD=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_MD=y +CONFIG_BLK_DEV_ZONED=y +CONFIG_BLK_INLINE_ENCRYPTION=y +CONFIG_BLK_SED_OPAL=y +CONFIG_BLK_WBT=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BNX2X=y +CONFIG_BNXT=y +CONFIG_BOOT_CONFIG=y +CONFIG_BOOT_PRINTK_DELAY=y +CONFIG_BPF_JIT_ALWAYS_ON=y +CONFIG_BPF_STREAM_PARSER=y +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y +CONFIG_BSD_DISKLABEL=y +CONFIG_BT_6LOWPAN=y +CONFIG_BT_BNEP=y +CONFIG_BT_HIDP=y +CONFIG_BT_RFCOMM=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_CFG80211=y +CONFIG_CFS_BANDWIDTH=y +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHR_DEV_SG=y +CONFIG_CMDLINE_PARTITION=y +CONFIG_COMPACTION=y +CONFIG_COMPAT_32BIT_TIME=y +CONFIG_CONFIGFS_FS=y +CONFIG_CORDIC=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=y +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_CPU_IDLE_GOV_HALTPOLL=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_TEO=y +CONFIG_CPU_ISOLATION=y +CONFIG_CPU_MITIGATIONS=y +CONFIG_CRASH_DUMP=y +CONFIG_CRC64=y +CONFIG_CRC_CCITT=y +CONFIG_CRC_T10DIF=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_CRYPTO_BLAKE2S_X86=y +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HW=y +CONFIG_CRYPTO_LIB_ARC4=y +CONFIG_CRYPTO_LIB_GF128MUL=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_AEAD=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +CONFIG_DAX=y +CONFIG_DCB=y +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_INFO_DWARF5=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +CONFIG_DEBUG_MISC=y +CONFIG_DEBUG_WX=y +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEVMEM=y +CONFIG_DEVPORT=y +CONFIG_DEVTMPFS_SAFE=y +CONFIG_DL2K=y +CONFIG_DMABUF_HEAPS=y +CONFIG_DMABUF_MOVE_NOTIFY=y +CONFIG_DMADEVICES=y +CONFIG_DMIID=y +CONFIG_DM_INIT=y +CONFIG_DM_UEVENT=y +CONFIG_DRM_ACCEL=y +CONFIG_DRM_BUDDY=y +CONFIG_DRM_CIRRUS_QEMU=y +CONFIG_DRM_DISPLAY_HELPER=y +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_I915=y +CONFIG_DRM_LOAD_EDID_FIRMWARE=y +CONFIG_DRM_SIMPLEDRM=y +CONFIG_DRM_TTM=y +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_EARLY_PRINTK_DBGP=y +CONFIG_EARLY_PRINTK_USB_XDBC=y +CONFIG_EDD=y +CONFIG_EEPROM_AT24=y +CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_HANDOVER_PROTOCOL=y +CONFIG_EFI_MIXED=y +CONFIG_EFI_RCI2_TABLE=y +CONFIG_ENCRYPTED_KEYS=y +CONFIG_ENERGY_MODEL=y +CONFIG_ETHTOOL_NETLINK=y +CONFIG_EXPERT=y +CONFIG_EXPORTFS_BLOCK_OPS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXTCON=y +CONFIG_FANOTIFY=y +CONFIG_FB_ASILIANT=y +CONFIG_FB_DEVICE=y +CONFIG_FB_IMSTT=y +CONFIG_FB_TILEBLITTING=y +CONFIG_FB_UVESA=y +CONFIG_FDDI=y +CONFIG_FIRMWARE_EDID=y +CONFIG_FIXED_PHY=y +CONFIG_FONTS=y +CONFIG_FORTIFY_SOURCE=y +CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +CONFIG_FS_ENCRYPTION=y +CONFIG_FS_VERITY=y +CONFIG_FTRACE=y +CONFIG_FUSION=y +CONFIG_FWNODE_MDIO=y +CONFIG_FW_LOADER_COMPRESS=y +CONFIG_FW_LOADER_USER_HELPER=y +CONFIG_FW_UPLOAD=y +CONFIG_GART_IOMMU=y +CONFIG_GDB_SCRIPTS=y +CONFIG_GENERIC_PHY=y +CONFIG_GPIOLIB=y +CONFIG_HAMRADIO=y +CONFIG_HARDENED_USERCOPY=y +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_HIBERNATION=y +CONFIG_HID_PID=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_CPCI=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_HOTPLUG_PCI_SHPC=y +CONFIG_HPET_MMAP_DEFAULT=y +CONFIG_HTE=y +CONFIG_HUGETLBFS=y +CONFIG_HWMON=y +CONFIG_HWSPINLOCK=y +CONFIG_HW_RANDOM_TPM=y +CONFIG_I2C_CHARDEV=y +CONFIG_I2C_DESIGNWARE_PLATFORM=y +CONFIG_I2C_SLAVE=y +CONFIG_IDLE_PAGE_TRACKING=y +CONFIG_IGBVF=y +CONFIG_IGC=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y +CONFIG_INPUT_JOYSTICK=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_SPARSEKMAP=y +CONFIG_INTEL_HFI_THERMAL=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_SCU_PCI=y +CONFIG_INTERCONNECT=y +# CONFIG_IO_DELAY_0X80 is not set +CONFIG_IO_DELAY_0XED=y +CONFIG_IPV6_IOAM6_LWTUNNEL=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_SEG6_HMAC=y +CONFIG_IPV6_SEG6_LWTUNNEL=y +CONFIG_IP_FIB_TRIE_STATS=y +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y +CONFIG_IRQ_POLL=y +CONFIG_JAILHOUSE_GUEST=y +CONFIG_JME=y +CONFIG_JUMP_LABEL=y +CONFIG_KALLSYMS_ALL=y +CONFIG_KARMA_PARTITION=y +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +CONFIG_KEYS_REQUEST_CACHE=y +CONFIG_KEY_DH_OPERATIONS=y +CONFIG_KFENCE=y +CONFIG_KGDB=y +CONFIG_KPROBES=y +CONFIG_KSM=y +CONFIG_LATENCYTOP=y +CONFIG_LDISC_AUTOLOAD=y +CONFIG_LDM_PARTITION=y +CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y +CONFIG_LEDS_TRIGGER_CPU=y +CONFIG_LEDS_TRIGGER_DISK=y +CONFIG_LEDS_TRIGGER_PANIC=y +CONFIG_LED_TRIGGER_PHY=y +CONFIG_LEGACY_PTYS=y +CONFIG_LIBNVDIMM=y +CONFIG_LRU_GEN=y +CONFIG_LWTUNNEL=y +CONFIG_MAC80211=y +CONFIG_MACINTOSH_DRIVERS=y +CONFIG_MACVTAP=y +CONFIG_MAC_PARTITION=y +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAILBOX=y +CONFIG_MAXSMP=y +CONFIG_MCTP=y +CONFIG_MDIO=y +CONFIG_MDIO_BUS=y +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_DEVRES=y +CONFIG_MEDIA_CEC_SUPPORT=y +CONFIG_MEGARAID_NEWGEN=y +CONFIG_MELLANOX_PLATFORM=y +CONFIG_MEMORY=y +CONFIG_MEMORY_FAILURE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMTEST=y +CONFIG_MEM_SOFT_DIRTY=y +CONFIG_MFD_88PM860X=y +CONFIG_MFD_AS3711=y +CONFIG_MFD_DA9052_I2C=y +CONFIG_MFD_DA9055=y +CONFIG_MFD_DA9063=y +CONFIG_MFD_LP8788=y +CONFIG_MFD_MAX14577=y +CONFIG_MFD_MAX77693=y +CONFIG_MFD_MAX77843=y +CONFIG_MFD_MAX8925=y +CONFIG_MFD_MAX8997=y +CONFIG_MFD_MAX8998=y +CONFIG_MFD_PALMAS=y +CONFIG_MFD_RC5T583=y +CONFIG_MFD_SYSCON=y +CONFIG_MFD_TPS65090=y +CONFIG_MFD_TPS6586X=y +CONFIG_MFD_TPS65912_I2C=y +CONFIG_MFD_WM831X_I2C=y +CONFIG_MFD_WM8350_I2C=y +CONFIG_MFD_WM8400=y +CONFIG_MINIX_SUBPARTITION=y +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_MODULES is not set +CONFIG_MPTCP=y +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MTRR_SANITIZER=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETWORK_PHY_TIMESTAMPING=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_FC=y +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_L3_MASTER_DEV=y +CONFIG_NET_MPLS_GSO=y +CONFIG_NET_NCSI=y +CONFIG_NET_NSH=y +CONFIG_NET_SCHED=y +CONFIG_NET_SELFTESTS=y +CONFIG_NET_SWITCHDEV=y +CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_VENDOR_ADAPTEC=y +CONFIG_NET_VENDOR_AGERE=y +CONFIG_NET_VENDOR_ALACRITECH=y +CONFIG_NET_VENDOR_ALTEON=y +CONFIG_NET_VENDOR_AMAZON=y +CONFIG_NET_VENDOR_AQUANTIA=y +CONFIG_NET_VENDOR_ARC=y +CONFIG_NET_VENDOR_ASIX=y +CONFIG_NET_VENDOR_BROCADE=y +CONFIG_NET_VENDOR_CADENCE=y +CONFIG_NET_VENDOR_CAVIUM=y +CONFIG_NET_VENDOR_CHELSIO=y +CONFIG_NET_VENDOR_CISCO=y +CONFIG_NET_VENDOR_CORTINA=y +CONFIG_NET_VENDOR_DAVICOM=y +CONFIG_NET_VENDOR_DEC=y +CONFIG_NET_VENDOR_EMULEX=y +CONFIG_NET_VENDOR_ENGLEDER=y +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_FUNGIBLE=y +CONFIG_NET_VENDOR_HUAWEI=y +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_NET_VENDOR_MICREL=y +CONFIG_NET_VENDOR_MICROCHIP=y +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_NET_VENDOR_MYRI=y +CONFIG_NET_VENDOR_NATSEMI=y +CONFIG_NET_VENDOR_NETERION=y +CONFIG_NET_VENDOR_NETRONOME=y +CONFIG_NET_VENDOR_NI=y +CONFIG_NET_VENDOR_NVIDIA=y +CONFIG_NET_VENDOR_OKI=y +CONFIG_NET_VENDOR_PACKET_ENGINES=y +CONFIG_NET_VENDOR_PENSANDO=y +CONFIG_NET_VENDOR_QLOGIC=y +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_RDC=y +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +CONFIG_NET_VENDOR_SIS=y +CONFIG_NET_VENDOR_SMSC=y +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_SOLARFLARE=y +CONFIG_NET_VENDOR_STMICRO=y +CONFIG_NET_VENDOR_SUN=y +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +CONFIG_NET_VENDOR_TI=y +CONFIG_NET_VENDOR_VERTEXCOM=y +CONFIG_NET_VENDOR_VIA=y +CONFIG_NET_VENDOR_WANGXUN=y +CONFIG_NET_VENDOR_WIZNET=y +CONFIG_NET_VENDOR_XILINX=y +CONFIG_NMI_CHECK_CPU=y +CONFIG_NO_HZ_FULL=y +# CONFIG_NO_HZ_IDLE is not set +CONFIG_NR_CPUS=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NUMA=y +CONFIG_OPENVSWITCH=y +CONFIG_OSF_PARTITION=y +CONFIG_PACKING=y +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POOL_STATS=y +CONFIG_PARPORT=y +CONFIG_PARPORT_PC=y +CONFIG_PATA_SIS=y +CONFIG_PCIEAER=y +CONFIG_PCIE_DW_PLAT_HOST=y +CONFIG_PCIE_PTM=y +CONFIG_PCI_ENDPOINT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_PCI_PASID=y +CONFIG_PCI_PRI=y +CONFIG_PCI_REALLOC_ENABLE_AUTO=y +CONFIG_PCNET32=y +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_PERF_EVENTS_AMD_BRS=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_PHYLIB=y +CONFIG_PHYLINK=y +CONFIG_PINCTRL_AMD=y +CONFIG_PINCTRL_BAYTRAIL=y +CONFIG_PINCTRL_CHERRYVIEW=y +CONFIG_PINCTRL_SX150X=y +CONFIG_PMIC_ADP5520=y +CONFIG_PMIC_DA903X=y +CONFIG_PMIC_OPREGION=y +CONFIG_PM_DEVFREQ=y +CONFIG_POWERCAP=y +CONFIG_POWER_RESET=y +CONFIG_PPP=y +CONFIG_PPS=y +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_DYNAMIC=y +CONFIG_PREEMPT_VOLUNTARY=y +CONFIG_PRINTER=y +CONFIG_PROC_EVENTS=y +CONFIG_PROFILING=y +CONFIG_PSE_CONTROLLER=y +CONFIG_PSI=y +CONFIG_PTP_1588_CLOCK=y +CONFIG_PVH=y +CONFIG_PVPANIC=y +CONFIG_PWM=y +CONFIG_QUOTA=y +CONFIG_R8169=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +CONFIG_RANDOM_KMALLOC_CACHES=y +CONFIG_RAPIDIO=y +CONFIG_RAS=y +CONFIG_RCU_CPU_STALL_CPUTIME=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZ4=y +CONFIG_RD_LZMA=y +CONFIG_RD_LZO=y +CONFIG_RD_XZ=y +CONFIG_REALTEK_PHY=y +CONFIG_REGMAP_I2C=y +CONFIG_REGULATOR=y +CONFIG_REMOTEPROC=y +CONFIG_RESET_ATTACK_MITIGATION=y +CONFIG_RESET_CONTROLLER=y +CONFIG_RFKILL=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_INTF_DEV=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_NVMEM=y +CONFIG_RTC_SYSTOHC=y +CONFIG_RUNTIME_TESTING_MENU=y +CONFIG_SAMPLES=y +CONFIG_SATA_PMP=y +CONFIG_SATA_ZPODD=y +CONFIG_SCHEDSTATS=y +CONFIG_SCHED_AUTOGROUP=y +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_CORE=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_SCHED_STACK_END_CHECK=y +CONFIG_SCSI_CONSTANTS=y +CONFIG_SCSI_DH=y +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_PROC_FS=y +CONFIG_SCSI_SCAN_ASYNC=y +CONFIG_SECONDARY_TRUSTED_KEYRING=y +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_SECURITY=y +CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_SERIAL_8250_16550A_VARIANTS=y +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_FINTEK=y +CONFIG_SERIAL_8250_MID=y +CONFIG_SERIAL_8250_RT288X=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_NONSTANDARD=y +CONFIG_SERIAL_SCCNXP=y +CONFIG_SGI_PARTITION=y +CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +CONFIG_SIGNED_PE_FILE_VERIFICATION=y +CONFIG_SKGE=y +CONFIG_SKY2=y +CONFIG_SLAB_FREELIST_HARDENED=y +CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_MERGE_DEFAULT=y +CONFIG_SLUB_CPU_PARTIAL=y +CONFIG_SMSC_PHY=y +CONFIG_SOC_TI=y +CONFIG_SOFTLOCKUP_DETECTOR=y +CONFIG_SOLARIS_X86_PARTITION=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_SPI=y +CONFIG_SRAM=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACK_VALIDATION=y +CONFIG_STAGING=y +CONFIG_SUN_PARTITION=y +CONFIG_SURFACE_PLATFORMS=y +CONFIG_SUSPEND=y +CONFIG_SWIOTLB_DYNAMIC=y +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_SYSFB_SIMPLEFB=y +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y +CONFIG_SYSV68_PARTITION=y +CONFIG_TAP=y +CONFIG_TASKSTATS=y +CONFIG_TCP_CONG_ADVANCED=y +CONFIG_TCP_MD5SIG=y +CONFIG_THERMAL_EMULATION=y +CONFIG_THERMAL_GOV_BANG_BANG=y +CONFIG_THERMAL_GOV_FAIR_SHARE=y +CONFIG_THERMAL_GOV_USER_SPACE=y +CONFIG_THERMAL_NETLINK=y +CONFIG_THERMAL_STATISTICS=y +CONFIG_TIGON3=y +CONFIG_TMPFS_INODE64=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_QUOTA=y +CONFIG_TOUCHSCREEN_ELAN=y +CONFIG_TOUCHSCREEN_USB_COMPOSITE=y +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_TRUSTED_KEYS=y +CONFIG_TWL4030_CORE=y +CONFIG_TWL6040_CORE=y +CONFIG_TYPHOON=y +CONFIG_UBSAN=y +CONFIG_UCLAMP_TASK=y +CONFIG_UDMABUF=y +CONFIG_UEVENT_HELPER=y +CONFIG_ULTRIX_PARTITION=y +CONFIG_UNICODE=y +CONFIG_UNIXWARE_DISKLABEL=y +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y +CONFIG_USB_DEFAULT_PERSIST=y +CONFIG_USB_DWC2=y +CONFIG_USB_DYNAMIC_MINORS=y +CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_KAWETH=y +CONFIG_USB_LED_TRIG=y +CONFIG_USB_NET_AX88179_178A=y +CONFIG_USB_NET_AX8817X=y +CONFIG_USB_NET_CDCETHER=y +CONFIG_USB_NET_CDC_EEM=y +CONFIG_USB_NET_CDC_NCM=y +CONFIG_USB_NET_CDC_SUBSET=y +CONFIG_USB_NET_CDC_SUBSET_ENABLE=y +CONFIG_USB_NET_DM9601=y +CONFIG_USB_NET_DRIVERS=y +CONFIG_USB_NET_MCS7830=y +CONFIG_USB_NET_RNDIS_HOST=y +CONFIG_USB_NET_SMSC75XX=y +CONFIG_USB_NET_SMSC95XX=y +CONFIG_USB_OHCI_HCD_PLATFORM=y +CONFIG_USB_PCI=y +CONFIG_USB_PEGASUS=y +CONFIG_USB_ROLE_SWITCH=y +CONFIG_USB_RTL8150=y +CONFIG_USB_RTL8152=y +CONFIG_USB_RTL8153_ECM=y +CONFIG_USB_USBNET=y +CONFIG_USB_XHCI_DBGCAP=y +CONFIG_USELIB=y +CONFIG_USERFAULTFD=y +CONFIG_VALIDATE_FS_PARSER=y +CONFIG_VGA_SWITCHEROO=y +CONFIG_VHOST_MENU=y +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_IOMMU=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTUALIZATION=y +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_VMAP_STACK=y +CONFIG_VXLAN=y +CONFIG_WAN=y +CONFIG_WATCHDOG_CORE=y +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_SYSFS=y +CONFIG_WATCH_QUEUE=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_MICROCHIP=y +CONFIG_WLAN_VENDOR_PURELIFI=y +CONFIG_WLAN_VENDOR_QUANTENNA=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_SILABS=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WQ_CPU_INTENSIVE_REPORT=y +CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y +CONFIG_X86_5LEVEL=y +CONFIG_X86_ACPI_CPUFREQ_CPB=y +CONFIG_X86_AMD_PSTATE=y +CONFIG_X86_CPU_RESCTRL=y +CONFIG_X86_DEBUG_FPU=y +CONFIG_X86_INTEL_LPSS=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_IOPL_IOPERM=y +CONFIG_X86_MCELOG_LEGACY=y +CONFIG_X86_MPPARSE=y +CONFIG_X86_PCC_CPUFREQ=y +CONFIG_X86_PLATFORM_DRIVERS_DELL=y +CONFIG_X86_PLATFORM_DRIVERS_HP=y +CONFIG_X86_PMEM_LEGACY=y +CONFIG_X86_POWERNOW_K8=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_SGX=y +CONFIG_X86_SPEEDSTEP_CENTRINO=y +CONFIG_X86_USER_SHADOW_STACK=y +CONFIG_XDP_SOCKETS=y +CONFIG_XEN=y +CONFIG_XZ_DEC=y +CONFIG_ZERO_CALL_USED_REGS=y +CONFIG_ZSWAP=y +# CONFIG_6LOWPAN_DEBUGFS is not set +# CONFIG_A11Y_BRAILLE_CONSOLE is not set +# CONFIG_ACENIC is not set +# CONFIG_ACPI_APEI_EINJ is not set +# CONFIG_ACPI_APEI_ERST_DEBUG is not set CONFIG_ACPI_APEI_GHES=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_PCIEAER=y -CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BGRT=y -CONFIG_ACPI_BUTTON=y CONFIG_ACPI_CPPC_LIB=y -CONFIG_ACPI_DEBUG=y -CONFIG_ACPI_DEBUGGER=y CONFIG_ACPI_DEBUGGER_USER=y -CONFIG_ACPI_DOCK=y -CONFIG_ACPI_DPTF=y CONFIG_ACPI_EC=y -CONFIG_ACPI_FAN=y -CONFIG_ACPI_FFH=y -CONFIG_ACPI_FPDT=y -CONFIG_ACPI_HED=y +# CONFIG_ACPI_EXTLOG is not set CONFIG_ACPI_HMAT=y CONFIG_ACPI_HOTPLUG_MEMORY=y -CONFIG_ACPI_I2C_OPREGION=y CONFIG_ACPI_MADT_WAKEUP=y -CONFIG_ACPI_MDIO=y CONFIG_ACPI_NUMA=y CONFIG_ACPI_PCC=y -CONFIG_ACPI_PCI_SLOT=y -CONFIG_ACPI_PRMT=y -CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +CONFIG_ACPI_PLATFORM_PROFILE=y +# CONFIG_ACPI_QUICKSTART is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_SLEEP=y -CONFIG_ACPI_SPCR_TABLE=y -CONFIG_ACPI_TABLE_UPGRADE=y -CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_TAD is not set CONFIG_ACPI_THERMAL_LIB=y CONFIG_ACPI_VIOT=y -CONFIG_ACRN_GUEST=y -CONFIG_AGP_AMD64=y -CONFIG_AGP_VIA=y -CONFIG_AIX_PARTITION=y -CONFIG_AMD_IOMMU=y -CONFIG_AMD_MEM_ENCRYPT=y +# CONFIG_ACRN_HSM is not set +# CONFIG_ADAPTEC_STARFIRE is not set +# CONFIG_ADFS_FS is not set +# CONFIG_ADIN1110 is not set +# CONFIG_ADM8211 is not set +# CONFIG_AFFS_FS is not set +# CONFIG_AIR_EN8811H_PHY is not set +CONFIG_ALIENWARE_WMI=y +CONFIG_ALIENWARE_WMI_LEGACY=y +CONFIG_ALIENWARE_WMI_WMAX=y +# CONFIG_ALTERA_MBOX is not set +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_AMD_3D_VCACHE is not set +# CONFIG_AMD_ATL is not set +# CONFIG_AMD_HSMP_ACPI is not set +# CONFIG_AMD_HSMP_PLAT is not set +CONFIG_AMD_NODE=y CONFIG_AMD_NUMA=y +# CONFIG_AMD_PMC is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_AMD_QDMA is not set CONFIG_AMD_WBRF=y -CONFIG_AMIGA_PARTITION=y -CONFIG_ANON_VMA_NAME=y -CONFIG_APPLE_PROPERTIES=y +# CONFIG_AMILO_RFKILL is not set +# CONFIG_AQTION is not set CONFIG_ARCH_DEFAULT_CRASH_DUMP=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_ARCH_ENABLE_THP_MIGRATION=y CONFIG_ARCH_HAS_CPU_PASID=y +CONFIG_ARCH_HAS_CRC32=y +CONFIG_ARCH_HAS_CRC64=y +CONFIG_ARCH_HAS_CRC_T10DIF=y CONFIG_ARCH_HAS_DMA_OPS=y CONFIG_ARCH_HAS_EARLY_DEBUG=y CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y @@ -57,157 +704,269 @@ CONFIG_ARCH_HAS_HW_PTE_YOUNG=y CONFIG_ARCH_HAS_KERNEL_FPU_SUPPORT=y CONFIG_ARCH_HAS_PKEYS=y CONFIG_ARCH_HAS_PREEMPT_LAZY=y +CONFIG_ARCH_HAS_PTDUMP=y CONFIG_ARCH_HAS_UBSAN=y CONFIG_ARCH_HAS_USER_SHADOW_STACK=y CONFIG_ARCH_HAS_ZONE_DMA_SET=y CONFIG_ARCH_HAVE_EXTRA_ELF_NOTES=y CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PKEY_BITS=4 CONFIG_ARCH_SELECTS_KEXEC_FILE=y CONFIG_ARCH_SUPPORTS_AUTOFDO_CLANG=y CONFIG_ARCH_SUPPORTS_HUGE_PFNMAP=y +CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS=y CONFIG_ARCH_SUPPORTS_PMD_PFNMAP=y CONFIG_ARCH_SUPPORTS_PROPELLER_CLANG=y +CONFIG_ARCH_SUPPORTS_PT_RECLAIM=y CONFIG_ARCH_SUPPORTS_PUD_PFNMAP=y CONFIG_ARCH_SUPPORTS_RT=y CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y CONFIG_ARCH_USES_PG_ARCH_2=y +CONFIG_ARCH_VMLINUX_NEEDS_RELOCS=y +CONFIG_ARCH_WANT_HUGETLB_VMEMMAP_PREINIT=y CONFIG_ARCH_WANT_PMD_MKWRITE=y -CONFIG_ASM_MODVERSIONS=y CONFIG_ASN1_ENCODER=y +# CONFIG_ASUS_TF103C_DOCK is not set +# CONFIG_ASUS_WMI is not set CONFIG_ASYNC_TX_DMA=y CONFIG_AS_HAS_NON_CONST_ULEB128=y CONFIG_AS_VAES=y CONFIG_AS_VPCLMULQDQ=y -CONFIG_ATARI_PARTITION=y -CONFIG_ATA_GENERIC=y -CONFIG_ATA_VERBOSE_ERROR=y -CONFIG_AUDIT=y +# CONFIG_AT76C50X_USB is not set +# CONFIG_AT803X_PHY is not set +# CONFIG_ATH11K is not set +# CONFIG_ATH12K is not set +# CONFIG_ATH5K_TRACER is not set +CONFIG_ATH9K_RFKILL=y +# CONFIG_ATOMIC64_SELFTEST is not set CONFIG_AUDITSYSCALL=y -CONFIG_AUXDISPLAY=y -CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_AX25 is not set +# CONFIG_B43 is not set +# CONFIG_B43LEGACY is not set +# CONFIG_BACKLIGHT_88PM860X is not set +# CONFIG_BACKLIGHT_AAT2870 is not set +# CONFIG_BACKLIGHT_ADP5520 is not set +# CONFIG_BACKLIGHT_AS3711 is not set +# CONFIG_BACKLIGHT_DA903X is not set +# CONFIG_BACKLIGHT_DA9052 is not set +# CONFIG_BACKLIGHT_GPIO is not set +# CONFIG_BACKLIGHT_KTD253 is not set +# CONFIG_BACKLIGHT_KTD2801 is not set +# CONFIG_BACKLIGHT_LM3509 is not set +# CONFIG_BACKLIGHT_LM3630A is not set +# CONFIG_BACKLIGHT_LP855X is not set +# CONFIG_BACKLIGHT_LP8788 is not set +# CONFIG_BACKLIGHT_MAX8925 is not set +# CONFIG_BACKLIGHT_MP3309C is not set +# CONFIG_BACKLIGHT_PANDORA is not set +# CONFIG_BACKLIGHT_PWM is not set +# CONFIG_BACKLIGHT_WM831X is not set +# CONFIG_BACKTRACE_SELF_TEST is not set CONFIG_BALLOON_COMPACTION=y -CONFIG_BATTERY_SAMSUNG_SDI=y -CONFIG_BCM84881_PHY=y -CONFIG_BLK_CGROUP_IOPRIO=y +# CONFIG_BARCO_P50_GPIO is not set +# CONFIG_BATTERY_88PM860X is not set +# CONFIG_BATTERY_DA9030 is not set +# CONFIG_BATTERY_DA9052 is not set +# CONFIG_BATTERY_MAX1720X is not set +# CONFIG_BCACHEFS_FS is not set +# CONFIG_BCMA_DRIVER_GPIO is not set +# CONFIG_BE2NET is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_BIG_KEYS is not set CONFIG_BLK_DEBUG_FS=y -CONFIG_BLK_DEV_BSG=y -CONFIG_BLK_DEV_INTEGRITY=y CONFIG_BLK_DEV_IO_TRACE=y -CONFIG_BLK_DEV_MD=y -CONFIG_BLK_DEV_WRITE_MOUNTED=y -CONFIG_BLK_DEV_ZONED=y -CONFIG_BLK_INLINE_ENCRYPTION=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_BLK_DEV_WRITE_MOUNTED=y CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y -CONFIG_BLK_SED_OPAL=y -CONFIG_BLK_WBT=y CONFIG_BLK_WBT_MQ=y -CONFIG_BLOCK_LEGACY_AUTOLOAD=y +# CONFIG_BNA is not set +# CONFIG_BNXT_DCB is not set +CONFIG_BNXT_HWMON=y +# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_BOOTTIME_TRACING=y -CONFIG_BOOT_CONFIG=y -CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_BOOT_CONFIG_EMBED is not set +# CONFIG_BOOT_CONFIG_FORCE is not set CONFIG_BPF_EVENTS=y -CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_KPROBE_OVERRIDE=y CONFIG_BPF_LSM=y -CONFIG_BPF_STREAM_PARSER=y -CONFIG_BPF_UNPRIV_DEFAULT_OFF=y CONFIG_BRANCH_PROFILE_NONE=y -CONFIG_BSD_DISKLABEL=y +# CONFIG_BRCMFMAC is not set +# CONFIG_BRCMSMAC is not set +# CONFIG_BRIDGE_NF_EBTABLES_LEGACY is not set +CONFIG_BROADCAST_TLB_FLUSH=y CONFIG_BTT=y +CONFIG_BT_DEBUGFS=y +# CONFIG_BT_INTEL_PCIE is not set +# CONFIG_BT_MTKUART is not set +# CONFIG_BT_NXPUART is not set CONFIG_BUILDTIME_MCOUNT_SORT=y CONFIG_BUILTIN_MODULE_RANGES=y CONFIG_BYTCRC_PMIC_OPREGION=y CONFIG_CALL_PADDING=y CONFIG_CALL_THUNKS=y -CONFIG_CC_CAN_LINK=y -CONFIG_CC_CAN_LINK_STATIC=y -CONFIG_CC_HAS_COUNTED_BY=y -CONFIG_CC_HAS_KASAN_SW_TAGS=y -CONFIG_CC_HAS_MIN_FUNCTION_ALIGNMENT=y +# CONFIG_CALL_THUNKS_DEBUG is not set +# CONFIG_CASSINI is not set +# CONFIG_CAVIUM_PTP is not set CONFIG_CC_HAS_NAMED_AS=y CONFIG_CC_HAS_NAMED_AS_FIXED_SANITIZERS=y -CONFIG_CC_HAS_SANE_FUNCTION_ALIGNMENT=y CONFIG_CC_HAS_UBSAN_BOUNDS_STRICT=y CONFIG_CC_NO_STRINGOP_OVERFLOW=y -CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y -CONFIG_CFS_BANDWIDTH=y +# CONFIG_CEC_CH7322 is not set +# CONFIG_CEC_GPIO is not set +# CONFIG_CEC_NXP_TDA9950 is not set +# CONFIG_CEC_SECO is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set +# CONFIG_CFG80211_DEBUGFS is not set +# CONFIG_CGROUP_DMEM is not set CONFIG_CGROUP_HUGETLB=y +# CONFIG_CHARGER_BQ24190 is not set +# CONFIG_CHARGER_BQ24257 is not set +# CONFIG_CHARGER_BQ24735 is not set +# CONFIG_CHARGER_BQ2515X is not set +# CONFIG_CHARGER_BQ256XX is not set +# CONFIG_CHARGER_BQ25890 is not set +# CONFIG_CHARGER_BQ25980 is not set +# CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_LT3651 is not set CONFIG_CHARGER_MANAGER=y +# CONFIG_CHARGER_MAX14577 is not set +# CONFIG_CHARGER_MAX77693 is not set +# CONFIG_CHARGER_RT9455 is not set +# CONFIG_CHARGER_RT9467 is not set +# CONFIG_CHARGER_RT9471 is not set +# CONFIG_CHARGER_SMB347 is not set +# CONFIG_CHARGER_TPS65090 is not set CONFIG_CHARLCD_BL_FLASH=y -CONFIG_CHROME_PLATFORMS=y -CONFIG_CHR_DEV_SG=y +# CONFIG_CHARLCD_BL_OFF is not set +# CONFIG_CHARLCD_BL_ON is not set +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +# CONFIG_CHROMEOS_ACPI is not set +# CONFIG_CHROMEOS_LAPTOP is not set +# CONFIG_CHROMEOS_PRIVACY_SCREEN is not set +# CONFIG_CHROMEOS_PSTORE is not set +# CONFIG_CHROMEOS_TBMC is not set CONFIG_CHTCRC_PMIC_OPREGION=y CONFIG_CHT_WC_PMIC_OPREGION=y -CONFIG_CMDLINE_PARTITION=y -CONFIG_COMPACTION=y -CONFIG_COMPAT_32BIT_TIME=y -CONFIG_CONFIGFS_FS=y +# CONFIG_CLK_TWL is not set +# CONFIG_CLK_TWL6040 is not set +# CONFIG_COMMON_CLK_PALMAS is not set +# CONFIG_COMMON_CLK_PWM is not set +# CONFIG_COMMON_CLK_WM831X is not set +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +# CONFIG_COMPAL_LAPTOP is not set CONFIG_CONSOLE_POLL=y CONFIG_CONTEXT_SWITCH_TRACER=y CONFIG_CONTEXT_TRACKING_USER=y +# CONFIG_CONTEXT_TRACKING_USER_FORCE is not set CONFIG_CONTIG_ALLOC=y -CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_CPUFREQ_ARCH_CUR_FREQ=y CONFIG_CPUMASK_OFFSTACK=y -CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=y -CONFIG_CPU_FREQ_GOV_USERSPACE=y -CONFIG_CPU_IDLE_GOV_HALTPOLL=y -CONFIG_CPU_IDLE_GOV_LADDER=y -CONFIG_CPU_IDLE_GOV_TEO=y -CONFIG_CPU_ISOLATION=y -CONFIG_CPU_MITIGATIONS=y -CONFIG_CRASH_DUMP=y +# CONFIG_CPUSETS_V1 is not set +# CONFIG_CRAMFS is not set CONFIG_CRASH_HOTPLUG=y +CONFIG_CRASH_MAX_MEMORY_RANGES=8192 CONFIG_CRASH_RESERVE=y -CONFIG_CRC64=y -CONFIG_CRC64_ROCKSOFT=y -CONFIG_CRC_CCITT=y -CONFIG_CRC_T10DIF=y -CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_CRC32_ARCH=y +CONFIG_CRC64_ARCH=y +CONFIG_CRC_OPTIMIZATIONS=y +CONFIG_CRC_T10DIF_ARCH=y +# CONFIG_CROS_EC is not set +# CONFIG_CROS_HPS_I2C is not set +# CONFIG_CROS_KBD_LED_BACKLIGHT is not set CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y -CONFIG_CRYPTO_BLAKE2S_X86=y -CONFIG_CRYPTO_CRC64_ROCKSOFT=y -CONFIG_CRYPTO_CRCT10DIF=y -CONFIG_CRYPTO_CTR=y -CONFIG_CRYPTO_DEFLATE=y +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set CONFIG_CRYPTO_DEV_CCP=y +CONFIG_CRYPTO_DEV_CCP_CRYPTO=y +CONFIG_CRYPTO_DEV_CCP_DD=y +# CONFIG_CRYPTO_DEV_CCP_DEBUGFS is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set CONFIG_CRYPTO_DEV_PADLOCK=y -CONFIG_CRYPTO_DH=y +# CONFIG_CRYPTO_DEV_PADLOCK_AES is not set +# CONFIG_CRYPTO_DEV_PADLOCK_SHA is not set +# CONFIG_CRYPTO_DEV_QAT_420XX is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +CONFIG_CRYPTO_DEV_SP_CCP=y +CONFIG_CRYPTO_DEV_SP_PSP=y +# CONFIG_CRYPTO_DEV_VIRTIO is not set CONFIG_CRYPTO_DH_RFC7919_GROUPS=y -CONFIG_CRYPTO_DRBG_CTR=y -CONFIG_CRYPTO_DRBG_HASH=y -CONFIG_CRYPTO_GCM=y CONFIG_CRYPTO_GENIV=y -CONFIG_CRYPTO_GHASH=y -CONFIG_CRYPTO_HW=y +CONFIG_CRYPTO_HKDF=y +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=1 CONFIG_CRYPTO_KDF800108_CTR=y -CONFIG_CRYPTO_LIB_GF128MUL=y -CONFIG_CRYPTO_LZO=y -CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_MD5=y -CONFIG_CRYPTO_SEQIV=y -CONFIG_CRYPTO_SHA1=y -CONFIG_DAX=y +# CONFIG_CRYPTO_KRB5 is not set +# CONFIG_CRYPTO_KRB5ENC is not set +CONFIG_CRYPTO_LIB_AESCFB=y +CONFIG_CRYPTO_LIB_AESGCM=y +# CONFIG_CW1200 is not set +# CONFIG_DA9052_WATCHDOG is not set +# CONFIG_DA9055_WATCHDOG is not set +# CONFIG_DA9063_WATCHDOG is not set CONFIG_DA_MON_EVENTS=y CONFIG_DA_MON_EVENTS_ID=y -CONFIG_DCB=y -CONFIG_DEBUG_FS=y +CONFIG_DCDBAS=y +# CONFIG_DE2104X is not set +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_DEBUG_CGROUP_REF is not set +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set CONFIG_DEBUG_FS_ALLOW_ALL=y -CONFIG_DEBUG_INFO_BTF=y -CONFIG_DEBUG_INFO_BTF_MODULES=y -CONFIG_DEBUG_INFO_DWARF5=y -CONFIG_DEBUG_MISC=y -CONFIG_DEBUG_WX=y +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_NET_SMALL_RTNL is not set +# CONFIG_DEBUG_PAGE_REF is not set +# CONFIG_DEBUG_RSEQ is not set +# CONFIG_DEBUG_VFS is not set CONFIG_DECOMPRESS_BZIP2=y CONFIG_DECOMPRESS_LZ4=y CONFIG_DECOMPRESS_LZMA=y CONFIG_DECOMPRESS_LZO=y CONFIG_DECOMPRESS_XZ=y -CONFIG_DECOMPRESS_ZSTD=y +# CONFIG_DEFAULT_BIC is not set CONFIG_DEFAULT_CUBIC=y +# CONFIG_DEFAULT_HTCP is not set +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y -CONFIG_DETECT_HUNG_TASK=y +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set +# CONFIG_DEFAULT_WESTWOOD is not set +# CONFIG_DEFXX is not set +CONFIG_DELL_LAPTOP=y +CONFIG_DELL_PC=y +CONFIG_DELL_RBTN=y +CONFIG_DELL_RBU=y +CONFIG_DELL_SMBIOS=y +CONFIG_DELL_SMBIOS_SMM=y +CONFIG_DELL_SMBIOS_WMI=y +CONFIG_DELL_SMO8800=y +# CONFIG_DELL_UART_BACKLIGHT is not set +CONFIG_DELL_WMI=y +CONFIG_DELL_WMI_AIO=y +CONFIG_DELL_WMI_DDV=y +CONFIG_DELL_WMI_DESCRIPTOR=y +CONFIG_DELL_WMI_LED=y +# CONFIG_DELL_WMI_PRIVACY is not set +CONFIG_DELL_WMI_SYSMAN=y +CONFIG_DETECT_HUNG_TASK_BLOCKER=y CONFIG_DEVFREQ_GOV_PASSIVE=y CONFIG_DEVFREQ_GOV_PERFORMANCE=y CONFIG_DEVFREQ_GOV_POWERSAVE=y @@ -216,169 +975,323 @@ CONFIG_DEVFREQ_GOV_USERSPACE=y CONFIG_DEVFREQ_THERMAL=y CONFIG_DEVICE_MIGRATION=y CONFIG_DEVICE_PRIVATE=y -CONFIG_DEVMEM=y -CONFIG_DEVPORT=y -CONFIG_DEVTMPFS_SAFE=y CONFIG_DEV_COREDUMP=y -CONFIG_DMABUF_HEAPS=y +# CONFIG_DEV_DAX is not set +# CONFIG_DEV_DAX_HMEM is not set +# CONFIG_DLM is not set +# CONFIG_DM9051 is not set +# CONFIG_DM9102 is not set CONFIG_DMABUF_HEAPS_SYSTEM=y -CONFIG_DMABUF_MOVE_NOTIFY=y -CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set CONFIG_DMAR_TABLE=y +# CONFIG_DMATEST is not set CONFIG_DMA_ACPI=y CONFIG_DMA_COHERENT_POOL=y CONFIG_DMA_ENGINE=y +# CONFIG_DMA_MAP_BENCHMARK is not set CONFIG_DMA_NEED_SYNC=y CONFIG_DMA_OPS_HELPERS=y CONFIG_DMA_VIRTUAL_CHANNELS=y -CONFIG_DMIID=y CONFIG_DM_AUDIT=y -CONFIG_DM_INIT=y -CONFIG_DM_UEVENT=y -CONFIG_DRM_ACCEL=y +# CONFIG_DM_VDO is not set +# CONFIG_DM_ZONED is not set +# CONFIG_DP83640_PHY is not set +# CONFIG_DP83TG720_PHY is not set +# CONFIG_DPM_WATCHDOG is not set +CONFIG_DPTF_PCH_FIVR=y +CONFIG_DPTF_POWER=y +# CONFIG_DRM_ACCEL_AMDXDNA is not set +# CONFIG_DRM_ACCEL_HABANALABS is not set +# CONFIG_DRM_ACCEL_IVPU is not set +# CONFIG_DRM_APPLETBDRM is not set CONFIG_DRM_CLIENT=y +CONFIG_DRM_CLIENT_DEFAULT="fbdev" +CONFIG_DRM_CLIENT_DEFAULT_FBDEV=y CONFIG_DRM_CLIENT_LIB=y +# CONFIG_DRM_CLIENT_LOG is not set CONFIG_DRM_CLIENT_SELECTION=y CONFIG_DRM_CLIENT_SETUP=y -CONFIG_DRM_FBDEV_EMULATION=y -CONFIG_DRM_LOAD_EDID_FIRMWARE=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set +# CONFIG_DRM_DISPLAY_DP_AUX_CEC is not set +# CONFIG_DRM_DISPLAY_DP_AUX_CHARDEV is not set +CONFIG_DRM_DISPLAY_DSC_HELPER=y +CONFIG_DRM_DRAW=y +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_HISI_HIBMC is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_DEBUG_GUC is not set +# CONFIG_DRM_I915_DEBUG_MMIO is not set +# CONFIG_DRM_I915_DEBUG_RUNTIME_PM is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set +# CONFIG_DRM_I915_DEBUG_WAKEREF is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_REPLAY_GPU_HANGS_API is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_PANEL_AUO_A030JTN01 is not set +# CONFIG_DRM_PANEL_ILITEK_ILI9341 is not set +# CONFIG_DRM_PANEL_MIPI_DBI is not set +# CONFIG_DRM_PANEL_ORISETECH_OTA5601A is not set +# CONFIG_DRM_PANEL_WIDECHIPS_WS2401 is not set CONFIG_DRM_PANIC=y -CONFIG_DRM_SIMPLEDRM=y -CONFIG_DYNAMIC_DEBUG=y -CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_DRM_PANIC_BACKGROUND_COLOR=0x000000 +# CONFIG_DRM_PANIC_DEBUG is not set +CONFIG_DRM_PANIC_FOREGROUND_COLOR=0xffffff +CONFIG_DRM_PANIC_SCREEN="user" +# CONFIG_DRM_WERROR is not set +# CONFIG_DRM_XE is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DWC_PCIE_PMU is not set +# CONFIG_DWC_XLGMAC is not set +# CONFIG_DW_DMAC is not set +# CONFIG_DW_DMAC_PCI is not set +# CONFIG_DW_EDMA is not set CONFIG_DYNAMIC_EVENTS=y CONFIG_DYNAMIC_FTRACE=y CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y CONFIG_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_DYNAMIC_MEMORY_LAYOUT=y -CONFIG_EARLY_PRINTK_DBGP=y CONFIG_EARLY_PRINTK_USB=y -CONFIG_EARLY_PRINTK_USB_XDBC=y CONFIG_ECRYPT_FS=y CONFIG_ECRYPT_FS_MESSAGING=y CONFIG_EDAC=y +# CONFIG_EDAC_AMD64 is not set +# CONFIG_EDAC_DEBUG is not set +CONFIG_EDAC_DECODE_MCE=y +# CONFIG_EDAC_E752X is not set +# CONFIG_EDAC_ECS is not set CONFIG_EDAC_GHES=y -CONFIG_EDD=y +# CONFIG_EDAC_I10NM is not set +# CONFIG_EDAC_I3000 is not set +# CONFIG_EDAC_I3200 is not set +# CONFIG_EDAC_I5100 is not set +# CONFIG_EDAC_I5400 is not set +# CONFIG_EDAC_I7300 is not set +# CONFIG_EDAC_I7CORE is not set +# CONFIG_EDAC_I82975X is not set +# CONFIG_EDAC_IE31200 is not set +# CONFIG_EDAC_IGEN6 is not set +CONFIG_EDAC_LEGACY_SYSFS=y +# CONFIG_EDAC_MEM_REPAIR is not set +# CONFIG_EDAC_PND2 is not set +# CONFIG_EDAC_SBRIDGE is not set +# CONFIG_EDAC_SCRUB is not set +# CONFIG_EDAC_SKX is not set +# CONFIG_EDAC_X38 is not set CONFIG_EDD_OFF=y -CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EEPROM_93XX46 is not set +# CONFIG_EEPROM_AT25 is not set CONFIG_EFI_DEV_PATH_PARSER=y -CONFIG_EFI_DXE_MEM_ATTRIBUTES=y -CONFIG_EFI_HANDOVER_PROTOCOL=y -CONFIG_EFI_MIXED=y -CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y CONFIG_EFI_SOFT_RESERVE=y -CONFIG_ENCRYPTED_KEYS=y -CONFIG_ENERGY_MODEL=y -CONFIG_ETHTOOL_NETLINK=y +CONFIG_EFI_VARS_PSTORE=y +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set +# CONFIG_EFS_FS is not set +# CONFIG_ENA_ETHERNET is not set +# CONFIG_ENC28J60 is not set +# CONFIG_ENCX24J600 is not set +# CONFIG_ENIC is not set +# CONFIG_EPIC100 is not set +# CONFIG_EROFS_FS is not set +# CONFIG_ET131X is not set CONFIG_EVENT_TRACING=y CONFIG_EVM=y CONFIG_EVM_ADD_XATTRS=y CONFIG_EVM_ATTR_FSUUID=y CONFIG_EVM_EXTRA_SMACK_XATTRS=y +# CONFIG_EVM_LOAD_X509 is not set CONFIG_EXECMEM=y -CONFIG_EXPERT=y -CONFIG_EXPORTFS_BLOCK_OPS=y -CONFIG_EXT4_USE_FOR_EXT2=y -CONFIG_EXTCON=y -CONFIG_EXT_GROUP_SCHED=y +# CONFIG_EXTCON_FSA9480 is not set +# CONFIG_EXTCON_GPIO is not set +# CONFIG_EXTCON_INTEL_CHT_WC is not set +# CONFIG_EXTCON_INTEL_INT3496 is not set +# CONFIG_EXTCON_LC824206XA is not set +# CONFIG_EXTCON_MAX14577 is not set +# CONFIG_EXTCON_MAX3355 is not set +# CONFIG_EXTCON_MAX77693 is not set +# CONFIG_EXTCON_MAX77843 is not set +# CONFIG_EXTCON_MAX8997 is not set +# CONFIG_EXTCON_PALMAS is not set +# CONFIG_EXTCON_PTN5150 is not set +# CONFIG_EXTCON_RT8973A is not set +# CONFIG_EXTCON_SM5502 is not set +# CONFIG_EXTCON_USB_GPIO is not set CONFIG_EZX_PCAP=y -CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y -CONFIG_FB_ASILIANT=y -CONFIG_FB_DEVICE=y -CONFIG_FB_IMSTT=y +# CONFIG_FBNIC is not set +CONFIG_FB_IOMEM_HELPERS_DEFERRED=y +# CONFIG_FB_SM750 is not set +# CONFIG_FB_SSD1307 is not set CONFIG_FB_SYSMEM_FOPS=y CONFIG_FB_SYSMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y CONFIG_FB_SYS_COPYAREA=y CONFIG_FB_SYS_FILLRECT=y CONFIG_FB_SYS_IMAGEBLIT=y -CONFIG_FB_TILEBLITTING=y -CONFIG_FDDI=y -CONFIG_FIRMWARE_EDID=y +# CONFIG_FB_TFT is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_VIA is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FIND_BIT_BENCHMARK is not set CONFIG_FIRMWARE_TABLE=y -CONFIG_FIXED_PHY=y -CONFIG_FONTS=y +# CONFIG_FONT_10x18 is not set CONFIG_FONT_6x10=y +# CONFIG_FONT_6x11 is not set +# CONFIG_FONT_6x8 is not set +# CONFIG_FONT_7x14 is not set CONFIG_FONT_ACORN_8x8=y +# CONFIG_FONT_MINI_4x6 is not set +# CONFIG_FONT_PEARL_8x8 is not set +# CONFIG_FONT_SUN12x22 is not set +# CONFIG_FONT_SUN8x16 is not set CONFIG_FONT_TER16x32=y -CONFIG_FORTIFY_SOURCE=y +# CONFIG_FORCEDETH is not set CONFIG_FPROBE=y CONFIG_FPROBE_EVENTS=y -CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y -CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +# CONFIG_FRAMER is not set CONFIG_FS_DAX=y CONFIG_FS_DAX_PMD=y -CONFIG_FS_ENCRYPTION=y CONFIG_FS_ENCRYPTION_ALGS=y CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y CONFIG_FS_STACK=y -CONFIG_FS_VERITY=y CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y -CONFIG_FTRACE=y CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_MCOUNT_USE_CC=y +# CONFIG_FTRACE_RECORD_RECURSION is not set +# CONFIG_FTRACE_SORT_STARTUP_TEST is not set +# CONFIG_FTRACE_STARTUP_TEST is not set CONFIG_FTRACE_SYSCALLS=y +# CONFIG_FTRACE_VALIDATE_RCU_IS_WATCHING is not set +# CONFIG_FUEL_GAUGE_MM8013 is not set CONFIG_FUNCTION_ERROR_INJECTION=y CONFIG_FUNCTION_GRAPH_RETADDR=y CONFIG_FUNCTION_GRAPH_RETVAL=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FUNCTION_PROFILER=y CONFIG_FUNCTION_TRACER=y +# CONFIG_FUN_ETH is not set +CONFIG_FUSE_IO_URING=y CONFIG_FUSE_PASSTHROUGH=y -CONFIG_FUSION=y +# CONFIG_FUSION_FC is not set CONFIG_FUSION_LOGGING=y -CONFIG_FWNODE_MDIO=y +CONFIG_FUSION_MAX_SGE=128 +# CONFIG_FUSION_SAS is not set +# CONFIG_FUSION_SPI is not set +# CONFIG_FWCTL is not set +CONFIG_FW_ATTR_CLASS=y CONFIG_FW_CACHE=y -CONFIG_FW_LOADER_COMPRESS=y CONFIG_FW_LOADER_COMPRESS_XZ=y CONFIG_FW_LOADER_COMPRESS_ZSTD=y CONFIG_FW_LOADER_DEBUG=y CONFIG_FW_LOADER_PAGED_BUF=y CONFIG_FW_LOADER_SYSFS=y -CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_UPLOAD=y -CONFIG_GART_IOMMU=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_GCC_NO_STRINGOP_OVERFLOW=y -CONFIG_GCC_PLUGINS=y -CONFIG_GDB_SCRIPTS=y +# CONFIG_GCOV_KERNEL is not set CONFIG_GENERIC_CLOCKEVENTS_BROADCAST_IDLE=y -CONFIG_GENERIC_CPU=y CONFIG_GENERIC_CPU_DEVICES=y -CONFIG_GENERIC_PHY=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set CONFIG_GENERIC_PINCONF=y CONFIG_GENERIC_TRACER=y +CONFIG_GENERIC_VDSO_DATA_STORE=y CONFIG_GENERIC_VDSO_OVERFLOW_PROTECT=y CONFIG_GET_FREE_REGION=y -CONFIG_GPIOLIB=y +# CONFIG_GIGABYTE_WMI is not set +# CONFIG_GPIB is not set +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 CONFIG_GPIOLIB_IRQCHIP=y +# CONFIG_GPIO_104_DIO_48E is not set +# CONFIG_GPIO_104_IDIO_16 is not set +# CONFIG_GPIO_104_IDI_48 is not set +# CONFIG_GPIO_74X164 is not set CONFIG_GPIO_ACPI=y +# CONFIG_GPIO_ADP5520 is not set +# CONFIG_GPIO_AGGREGATOR is not set +# CONFIG_GPIO_ALTERA is not set +# CONFIG_GPIO_AMD8111 is not set +# CONFIG_GPIO_AMDPT is not set +# CONFIG_GPIO_AMD_FCH is not set +# CONFIG_GPIO_BT8XX is not set CONFIG_GPIO_CDEV=y CONFIG_GPIO_CDEV_V1=y CONFIG_GPIO_CRYSTAL_COVE=y +# CONFIG_GPIO_DA9052 is not set +# CONFIG_GPIO_DA9055 is not set +# CONFIG_GPIO_DS4520 is not set +# CONFIG_GPIO_DWAPB is not set +# CONFIG_GPIO_ELKHARTLAKE is not set +# CONFIG_GPIO_F7188X is not set +# CONFIG_GPIO_FXL6408 is not set CONFIG_GPIO_GENERIC=y CONFIG_GPIO_GENERIC_PLATFORM=y +# CONFIG_GPIO_GPIO_MM is not set +# CONFIG_GPIO_GRANITERAPIDS is not set +# CONFIG_GPIO_IT87 is not set +# CONFIG_GPIO_LATCH is not set +# CONFIG_GPIO_MAX3191X is not set +# CONFIG_GPIO_MAX7300 is not set +# CONFIG_GPIO_MAX7301 is not set +# CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_MB86S7X is not set +# CONFIG_GPIO_MC33880 is not set +# CONFIG_GPIO_ML_IOH is not set +# CONFIG_GPIO_MOCKUP is not set +# CONFIG_GPIO_MPSSE is not set CONFIG_GPIO_PALMAS=y +# CONFIG_GPIO_PCA953X is not set +# CONFIG_GPIO_PCA9570 is not set +# CONFIG_GPIO_PCF857X is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set +# CONFIG_GPIO_PCI_IDIO_16 is not set +# CONFIG_GPIO_PISOSR is not set +# CONFIG_GPIO_POLARFIRE_SOC is not set CONFIG_GPIO_RC5T583=y +# CONFIG_GPIO_RDC321X is not set +# CONFIG_GPIO_SCH311X is not set +# CONFIG_GPIO_SIM is not set +# CONFIG_GPIO_SLOPPY_LOGIC_ANALYZER is not set CONFIG_GPIO_SYSFS=y +# CONFIG_GPIO_TPIC2810 is not set CONFIG_GPIO_TPS6586X=y CONFIG_GPIO_TPS65910=y +# CONFIG_GPIO_TPS65912 is not set +# CONFIG_GPIO_TWL4030 is not set +# CONFIG_GPIO_TWL6040 is not set +# CONFIG_GPIO_VIRTIO is not set +# CONFIG_GPIO_VIRTUSER is not set +# CONFIG_GPIO_VX855 is not set +# CONFIG_GPIO_WINBOND is not set +# CONFIG_GPIO_WM831X is not set +# CONFIG_GPIO_WM8350 is not set +# CONFIG_GPIO_WS16C48 is not set +# CONFIG_GPIO_XILINX is not set +# CONFIG_GPIO_XRA1403 is not set +# CONFIG_GP_PCI1XXXX is not set CONFIG_GROUP_SCHED_WEIGHT=y CONFIG_GUEST_PERF_EVENTS=y -CONFIG_HAMRADIO=y -CONFIG_HARDENED_USERCOPY=y -CONFIG_HARDLOCKUP_DETECTOR=y +# CONFIG_GUP_TEST is not set +# CONFIG_HAMACHI is not set +# CONFIG_HAPPYMEAL is not set +CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y +# CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set +# CONFIG_HARDLOCKUP_DETECTOR_BUDDY is not set CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y CONFIG_HARDLOCKUP_DETECTOR_PERF=y +# CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set +CONFIG_HAS_SECURITY_AUDIT=y CONFIG_HAVE_ARCH_NODE_DEV_GROUP=y CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y CONFIG_HAVE_ARCH_USERFAULTFD_WP=y CONFIG_HAVE_BOOTMEM_INFO_NODE=y CONFIG_HAVE_CALL_THUNKS=y -CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y +CONFIG_HAVE_FTRACE_GRAPH_FUNC=y +CONFIG_HAVE_FTRACE_REGS_HAVING_PT_REGS=y +CONFIG_HAVE_FUNCTION_GRAPH_FREGS=y CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y CONFIG_HAVE_GUP_FAST=y CONFIG_HAVE_IMA_KEXEC=y @@ -386,213 +1299,362 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_HAVE_PAGE_SIZE_4KB=y CONFIG_HAVE_RELIABLE_STACKTRACE=y CONFIG_HAVE_TRUSTED_KEYS=y +# CONFIG_HD44780 is not set +# CONFIG_HDLC is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_HFS_FS is not set CONFIG_HIBERNATE_CALLBACKS=y -CONFIG_HIBERNATION=y CONFIG_HIBERNATION_COMP_LZO=y +CONFIG_HIBERNATION_DEF_COMP="lzo" CONFIG_HIBERNATION_SNAPSHOT_DEV=y -CONFIG_HID_PID=y -CONFIG_HIGH_RES_TIMERS=y +# CONFIG_HIBMCGE is not set +# CONFIG_HID_APPLETB_BL is not set +# CONFIG_HID_APPLETB_KBD is not set +# CONFIG_HID_BPF is not set +# CONFIG_HID_GOODIX_SPI is not set +# CONFIG_HID_KYSONA is not set +# CONFIG_HID_MCP2200 is not set +# CONFIG_HID_UNIVERSAL_PIDFF is not set +# CONFIG_HID_WINWING is not set +# CONFIG_HINIC is not set CONFIG_HIST_TRIGGERS=y +# CONFIG_HIST_TRIGGERS_DEBUG is not set CONFIG_HMEM_REPORTING=y -CONFIG_HOTPLUG_PCI_ACPI=y -CONFIG_HOTPLUG_PCI_CPCI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI_GENERIC is not set +# CONFIG_HOTPLUG_PCI_CPCI_ZT5550 is not set CONFIG_HOTPLUG_PCI_OCTEONEP=y -CONFIG_HOTPLUG_PCI_PCIE=y -CONFIG_HOTPLUG_PCI_SHPC=y -CONFIG_HPET_MMAP_DEFAULT=y +# CONFIG_HPFS_FS is not set +CONFIG_HP_ACCEL=y +CONFIG_HP_BIOSCFG=y +CONFIG_HP_WMI=y CONFIG_HSU_DMA=y -CONFIG_HTE=y -CONFIG_HUGETLBFS=y +# CONFIG_HT16K33 is not set +# CONFIG_HUAWEI_WMI is not set CONFIG_HUGETLB_PAGE=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING=y CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y CONFIG_HVC_XEN_FRONTEND=y CONFIG_HWLAT_TRACER=y -CONFIG_HWMON=y -CONFIG_HWSPINLOCK=y -CONFIG_HW_RANDOM_TPM=y -CONFIG_I2C_CHARDEV=y +# CONFIG_HWMON_DEBUG_CHIP is not set +# CONFIG_HWPOISON_INJECT is not set +# CONFIG_HYPERV_TESTING is not set +# CONFIG_I2C_CBUS_GPIO is not set +# CONFIG_I2C_CHT_WC is not set +# CONFIG_I2C_DESIGNWARE_AMDPSP is not set CONFIG_I2C_DESIGNWARE_BAYTRAIL=y CONFIG_I2C_DESIGNWARE_CORE=y -CONFIG_I2C_DESIGNWARE_PLATFORM=y -CONFIG_I2C_SLAVE=y +# CONFIG_I2C_DESIGNWARE_SLAVE is not set +# CONFIG_I2C_GPIO is not set +# CONFIG_I2C_SLAVE_EEPROM is not set +# CONFIG_I2C_SLAVE_TESTUNIT is not set +# CONFIG_I2C_ZHAOXIN is not set +# CONFIG_IA32_EMULATION_DEFAULT_DISABLED is not set +# CONFIG_IDEAPAD_LAPTOP is not set CONFIG_IDLE_INJECT=y -CONFIG_IDLE_PAGE_TRACKING=y +# CONFIG_IDPF is not set +CONFIG_IGB_HWMON=y CONFIG_IMA=y CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_ARCH_POLICY=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y +# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set +CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" +# CONFIG_IMA_DISABLE_HTABLE is not set CONFIG_IMA_KEXEC=y +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y +CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y -CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y -CONFIG_INITRAMFS_PRESERVE_MTIME=y -CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y -CONFIG_INPUT_JOYSTICK=y -CONFIG_INPUT_MOUSEDEV_PSAUX=y +# CONFIG_IMA_READ_POLICY is not set +# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_WRITE_POLICY is not set +# CONFIG_IMG_ASCII_LCD is not set +CONFIG_INET_MPTCP_DIAG=y +# CONFIG_INPUT_88PM860X_ONKEY is not set +# CONFIG_INPUT_DA9052_ONKEY is not set +# CONFIG_INPUT_DA9055_ONKEY is not set +# CONFIG_INPUT_DA9063_ONKEY is not set +# CONFIG_INPUT_DRV260X_HAPTICS is not set +# CONFIG_INPUT_GPIO_BEEPER is not set +# CONFIG_INPUT_GPIO_DECODER is not set +# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set +# CONFIG_INPUT_GPIO_VIBRA is not set +# CONFIG_INPUT_IBM_PANEL is not set +# CONFIG_INPUT_MAX77693_HAPTIC is not set +# CONFIG_INPUT_MAX8925_ONKEY is not set +# CONFIG_INPUT_MAX8997_HAPTIC is not set +# CONFIG_INPUT_PALMAS_PWRBUTTON is not set +# CONFIG_INPUT_PCAP is not set +# CONFIG_INPUT_PWM_BEEPER is not set +# CONFIG_INPUT_PWM_VIBRA is not set +# CONFIG_INPUT_REGULATOR_HAPTIC is not set +# CONFIG_INPUT_TWL4030_PWRBUTTON is not set +# CONFIG_INPUT_TWL4030_VIBRA is not set +# CONFIG_INPUT_TWL6040_VIBRA is not set +# CONFIG_INPUT_WM831X_ON is not set +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y +# CONFIG_INSPUR_PLATFORM_PROFILE is not set CONFIG_INTEGRITY=y CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y +# CONFIG_INTEGRITY_CA_MACHINE_KEYRING is not set CONFIG_INTEGRITY_MACHINE_KEYRING=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y CONFIG_INTEGRITY_TRUSTED_KEYRING=y -CONFIG_INTEL_HFI_THERMAL=y -CONFIG_INTEL_IOMMU=y +# CONFIG_INTEL_BYTCRC_PWRSRC is not set +# CONFIG_INTEL_IDMA64 is not set +# CONFIG_INTEL_IDXD is not set +# CONFIG_INTEL_IDXD_COMPAT is not set +# CONFIG_INTEL_INT0002_VGPIO is not set +# CONFIG_INTEL_IOATDMA is not set CONFIG_INTEL_IOMMU_DEFAULT_ON=y CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_INTEL_IOMMU_PERF_EVENTS=y CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y CONFIG_INTEL_IOMMU_SVM=y CONFIG_INTEL_LDMA=y +# CONFIG_INTEL_OAKTRAIL is not set +# CONFIG_INTEL_RAPL is not set CONFIG_INTEL_SCU=y CONFIG_INTEL_SCU_IPC=y -CONFIG_INTEL_SCU_PCI=y +# CONFIG_INTEL_SCU_IPC_UTIL is not set +# CONFIG_INTEL_SKL_INT3472 is not set CONFIG_INTEL_SOC_PMIC=y +# CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set CONFIG_INTEL_SOC_PMIC_CHTWC=y +# CONFIG_INTEL_SOC_PMIC_MRFLD is not set +# CONFIG_INTEL_THC_HID is not set CONFIG_INTEL_TURBO_MAX_3=y CONFIG_INTEL_TXT=y -CONFIG_INTERCONNECT=y +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_DEBUGFS is not set CONFIG_IOMMU_HELPER=y CONFIG_IOMMU_IOPF=y CONFIG_IOMMU_IO_PGTABLE=y CONFIG_IOMMU_MM_DATA=y CONFIG_IOMMU_SVA=y +# CONFIG_IONIC is not set CONFIG_IOSF_MBI_DEBUG=y -CONFIG_IO_DELAY_0XED=y +# CONFIG_IO_STRICT_DEVMEM is not set +CONFIG_IO_URING_ZCRX=y +# CONFIG_IP6_NF_IPTABLES_LEGACY is not set +CONFIG_IPE_BOOT_POLICY="" CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IPE_PROP_FS_VERITY=y CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y -CONFIG_IPV6_IOAM6_LWTUNNEL=y -CONFIG_IPV6_MROUTE=y +# CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y -CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y -CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_SEG6_BPF=y -CONFIG_IPV6_SEG6_HMAC=y -CONFIG_IPV6_SEG6_LWTUNNEL=y CONFIG_IPV6_SUBTREES=y -CONFIG_IP_FIB_TRIE_STATS=y -CONFIG_IP_MROUTE_MULTIPLE_TABLES=y -CONFIG_IRQ_POLL=y +# CONFIG_IPW2100 is not set +# CONFIG_IPW2200 is not set +# CONFIG_IP_NF_ARPFILTER is not set +CONFIG_IP_NF_IPTABLES_LEGACY=y +# CONFIG_IP_NF_SECURITY is not set +# CONFIG_IRQSOFF_TRACER is not set CONFIG_ISA_BUS=y -CONFIG_JAILHOUSE_GUEST=y -CONFIG_JUMP_LABEL=y -CONFIG_KALLSYMS_ALL=y -CONFIG_KARMA_PARTITION=y +# CONFIG_IWL3945 is not set +# CONFIG_IWL4965 is not set +# CONFIG_IWLWIFI is not set +# CONFIG_JOYSTICK_A3D is not set +# CONFIG_JOYSTICK_ADI is not set +# CONFIG_JOYSTICK_ANALOG is not set +# CONFIG_JOYSTICK_AS5011 is not set +# CONFIG_JOYSTICK_COBRA is not set +# CONFIG_JOYSTICK_DB9 is not set +# CONFIG_JOYSTICK_FSIA6B is not set +# CONFIG_JOYSTICK_GAMECON is not set +# CONFIG_JOYSTICK_GF2K is not set +# CONFIG_JOYSTICK_GRIP is not set +# CONFIG_JOYSTICK_GRIP_MP is not set +# CONFIG_JOYSTICK_GUILLEMOT is not set +# CONFIG_JOYSTICK_IFORCE is not set +# CONFIG_JOYSTICK_INTERACT is not set +# CONFIG_JOYSTICK_JOYDUMP is not set +# CONFIG_JOYSTICK_MAGELLAN is not set +# CONFIG_JOYSTICK_PSXPAD_SPI is not set +# CONFIG_JOYSTICK_PXRC is not set +# CONFIG_JOYSTICK_QWIIC is not set +# CONFIG_JOYSTICK_SEESAW is not set +# CONFIG_JOYSTICK_SENSEHAT is not set +# CONFIG_JOYSTICK_SIDEWINDER is not set +# CONFIG_JOYSTICK_SPACEBALL is not set +# CONFIG_JOYSTICK_SPACEORB is not set +# CONFIG_JOYSTICK_STINGER is not set +# CONFIG_JOYSTICK_TMDC is not set +# CONFIG_JOYSTICK_TURBOGRAFX is not set +# CONFIG_JOYSTICK_TWIDJOY is not set +# CONFIG_JOYSTICK_WALKERA0701 is not set +# CONFIG_JOYSTICK_WARRIOR is not set +# CONFIG_JOYSTICK_XPAD is not set +# CONFIG_JOYSTICK_ZHENHUA is not set +CONFIG_KDB_CONTINUE_CATASTROPHIC=0 +CONFIG_KDB_DEFAULT_ENABLE=0x1 CONFIG_KDB_KEYBOARD=y -CONFIG_KEXEC=y +# CONFIG_KEBA_CP500 is not set CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_KEXEC_CORE=y -CONFIG_KEXEC_FILE=y CONFIG_KEXEC_JUMP=y CONFIG_KEXEC_SIG=y -CONFIG_KEYS_REQUEST_CACHE=y -CONFIG_KEY_DH_OPERATIONS=y +# CONFIG_KEXEC_SIG_FORCE is not set +# CONFIG_KEYBOARD_ADP5520 is not set +# CONFIG_KEYBOARD_APPLESPI is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_PINEPHONE is not set +# CONFIG_KEYBOARD_TWL4030 is not set CONFIG_KEY_NOTIFICATIONS=y -CONFIG_KFENCE=y -CONFIG_KGDB=y -CONFIG_KGDB_HONOUR_BLOCKLIST=y +# CONFIG_KFENCE_DEFERRABLE is not set +CONFIG_KFENCE_NUM_OBJECTS=255 +CONFIG_KFENCE_SAMPLE_INTERVAL=100 +# CONFIG_KFENCE_STATIC_KEYS is not set +CONFIG_KFENCE_STRESS_TEST_FAULTS=0 CONFIG_KGDB_KDB=y CONFIG_KGDB_LOW_LEVEL_TRAP=y CONFIG_KGDB_SERIAL_CONSOLE=y -CONFIG_KPROBES=y +# CONFIG_KGDB_TESTS is not set CONFIG_KPROBES_ON_FTRACE=y CONFIG_KPROBE_EVENTS=y +# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set CONFIG_KRETPROBES=y CONFIG_KRETPROBE_ON_RETHOOK=y -CONFIG_KSM=y -CONFIG_LATENCYTOP=y -CONFIG_LDISC_AUTOLOAD=y -CONFIG_LDM_PARTITION=y -CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y -CONFIG_LEDS_TRIGGER_CPU=y -CONFIG_LEDS_TRIGGER_DISK=y -CONFIG_LEDS_TRIGGER_PANIC=y -CONFIG_LED_TRIGGER_PHY=y -CONFIG_LEGACY_PTYS=y -CONFIG_LIBNVDIMM=y +# CONFIG_KS0108 is not set +# CONFIG_KS8842 is not set +# CONFIG_KS8851 is not set +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_KVFREE_RCU_BATCHED=y +# CONFIG_KVM is not set +# CONFIG_LAN743X is not set +# CONFIG_LAN865X is not set +# CONFIG_LATTICE_ECP3_CONFIG is not set +# CONFIG_LCD2S is not set +# CONFIG_LDM_DEBUG is not set +CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y +# CONFIG_LEDS_88PM860X is not set +# CONFIG_LEDS_ADP5520 is not set +# CONFIG_LEDS_CHT_WCOVE is not set +# CONFIG_LEDS_DA903X is not set +# CONFIG_LEDS_DA9052 is not set +# CONFIG_LEDS_DAC124S085 is not set +# CONFIG_LEDS_GPIO is not set +# CONFIG_LEDS_LP3952 is not set +# CONFIG_LEDS_LP8788 is not set +# CONFIG_LEDS_LT3593 is not set +# CONFIG_LEDS_MAX8997 is not set +# CONFIG_LEDS_PWM is not set +# CONFIG_LEDS_REGULATOR is not set +# CONFIG_LEDS_SPI_BYTE is not set +# CONFIG_LEDS_TRIGGER_GPIO is not set +# CONFIG_LEDS_TRIGGER_INPUT_EVENTS is not set +# CONFIG_LEDS_WM831X_STATUS is not set +# CONFIG_LEDS_WM8350 is not set +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_LENOVO_SE10_WDT is not set +# CONFIG_LENOVO_SE30_WDT is not set +# CONFIG_LENOVO_WMI_CAMERA is not set +# CONFIG_LENOVO_WMI_HOTKEY_UTILITIES is not set +# CONFIG_LG_LAPTOP is not set +# CONFIG_LIBERTAS is not set +# CONFIG_LIBERTAS_THINFIRM is not set CONFIG_LINEAR_RANGES=y -CONFIG_LIVEPATCH=y +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +# CONFIG_LKDTM is not set +# CONFIG_LMK04832 is not set CONFIG_LOAD_UEFI_KEYS=y CONFIG_LOCKUP_DETECTOR=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -CONFIG_LRU_GEN=y +# CONFIG_LOCK_EVENT_COUNTS is not set CONFIG_LRU_GEN_ENABLED=y +# CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN_WALKS_MMU=y -CONFIG_LWTUNNEL=y +CONFIG_LSM_MMAP_MIN_ADDR=65536 +# CONFIG_LWQ_TEST is not set CONFIG_LWTUNNEL_BPF=y CONFIG_LZ4_DECOMPRESS=y CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y -CONFIG_MACINTOSH_DRIVERS=y -CONFIG_MAC_PARTITION=y -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_MAILBOX=y -CONFIG_MAXSMP=y -CONFIG_MCTP=y -CONFIG_MDIO_BUS=y -CONFIG_MDIO_DEVICE=y -CONFIG_MDIO_DEVRES=y +# CONFIG_MACB is not set +# CONFIG_MAC_EMUMOUSEBTN is not set +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +# CONFIG_MAX31827 is not set +# CONFIG_MAX6959 is not set +# CONFIG_MAX8925_POWER is not set +# CONFIG_MCTP_SERIAL is not set +# CONFIG_MCTP_TRANSPORT_I2C is not set +# CONFIG_MCTP_TRANSPORT_USB is not set +# CONFIG_MDIO_MSCC_MIIM is not set CONFIG_MD_AUTODETECT=y -CONFIG_MEDIA_CEC_SUPPORT=y -CONFIG_MEGARAID_NEWGEN=y -CONFIG_MELLANOX_PLATFORM=y -CONFIG_MEMORY=y -CONFIG_MEMORY_FAILURE=y -CONFIG_MEMORY_HOTPLUG=y +# CONFIG_MD_LINEAR is not set +# CONFIG_MD_RAID0 is not set +# CONFIG_MD_RAID1 is not set +# CONFIG_MD_RAID10 is not set +# CONFIG_MD_RAID456 is not set +# CONFIG_MEEGOPAD_ANX7428 is not set +# CONFIG_MEGARAID_MM is not set +# CONFIG_MEMCG_V1 is not set CONFIG_MEMORY_HOTREMOVE=y CONFIG_MEMORY_ISOLATION=y CONFIG_MEMREGION=y -CONFIG_MEMTEST=y -CONFIG_MEM_SOFT_DIRTY=y -CONFIG_MFD_88PM860X=y +# CONFIG_MEM_ALLOC_PROFILING is not set +# CONFIG_MEN_A21_WDT is not set CONFIG_MFD_AAT2870_CORE=y -CONFIG_MFD_AS3711=y +# CONFIG_MFD_ARIZONA_SPI is not set +# CONFIG_MFD_CGBC is not set CONFIG_MFD_CORE=y -CONFIG_MFD_DA9052_I2C=y +# CONFIG_MFD_CS40L50_I2C is not set +# CONFIG_MFD_CS40L50_SPI is not set CONFIG_MFD_DA9052_SPI=y -CONFIG_MFD_DA9055=y -CONFIG_MFD_DA9063=y -CONFIG_MFD_LP8788=y -CONFIG_MFD_MAX14577=y -CONFIG_MFD_MAX77693=y -CONFIG_MFD_MAX77843=y -CONFIG_MFD_MAX8925=y -CONFIG_MFD_MAX8997=y -CONFIG_MFD_MAX8998=y -CONFIG_MFD_PALMAS=y -CONFIG_MFD_RC5T583=y -CONFIG_MFD_SYSCON=y -CONFIG_MFD_TPS65090=y -CONFIG_MFD_TPS6586X=y +# CONFIG_MFD_INTEL_M10_BMC_SPI is not set +# CONFIG_MFD_MAX77705 is not set +# CONFIG_MFD_MC13XXX_SPI is not set +# CONFIG_MFD_OCELOT is not set +# CONFIG_MFD_QNAP_MCU is not set CONFIG_MFD_TPS65910=y CONFIG_MFD_TPS65912=y -CONFIG_MFD_TPS65912_I2C=y CONFIG_MFD_TPS65912_SPI=y +# CONFIG_MFD_TPS6594_SPI is not set CONFIG_MFD_TWL4030_AUDIO=y +# CONFIG_MFD_UPBOARD_FPGA is not set CONFIG_MFD_WM831X=y -CONFIG_MFD_WM831X_I2C=y CONFIG_MFD_WM831X_SPI=y CONFIG_MFD_WM8350=y -CONFIG_MFD_WM8350_I2C=y -CONFIG_MFD_WM8400=y +CONFIG_MHP_DEFAULT_ONLINE_TYPE_OFFLINE=y +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO is not set +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_KERNEL is not set +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_MOVABLE is not set CONFIG_MHP_MEMMAP_ON_MEMORY=y +# CONFIG_MICREL_KS8995MA is not set +# CONFIG_MICROSOFT_MANA is not set CONFIG_MIGRATION=y -CONFIG_MINIX_SUBPARTITION=y -CONFIG_MISC_FILESYSTEMS=y +# CONFIG_MINIX_FS is not set CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y +CONFIG_MITIGATION_GDS=y CONFIG_MITIGATION_IBPB_ENTRY=y CONFIG_MITIGATION_IBRS_ENTRY=y +CONFIG_MITIGATION_ITS=y CONFIG_MITIGATION_L1TF=y CONFIG_MITIGATION_MDS=y CONFIG_MITIGATION_MMIO_STALE_DATA=y @@ -609,301 +1671,553 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXFW is not set +# CONFIG_MLXREG_HOTPLUG is not set +# CONFIG_MLXREG_IO is not set +# CONFIG_MLXREG_LC is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLX_WDT is not set CONFIG_MMCONF_FAM10H=y CONFIG_MMC_CRYPTO=y +CONFIG_MMC_SDHCI_UHS2=y +# CONFIG_MMC_SPI is not set CONFIG_MMIOTRACE=y CONFIG_MMU_NOTIFIER=y -CONFIG_MODULE_COMPRESS=y -CONFIG_MODULE_COMPRESS_ZSTD=y -CONFIG_MODULE_DECOMPRESS=y -CONFIG_MODULE_SIG=y -CONFIG_MODULE_SIG_ALL=y +CONFIG_MM_ID=y CONFIG_MODULE_SIG_FORMAT=y -CONFIG_MODULE_SIG_KEY_TYPE_RSA=y -CONFIG_MODULE_SIG_SHA512=y -CONFIG_MODULE_SRCVERSION_ALL=y -CONFIG_MODVERSIONS=y -CONFIG_MPTCP=y +# CONFIG_MOST is not set +# CONFIG_MOUSE_GPIO is not set +# CONFIG_MOXA_INTELLIO is not set +# CONFIG_MOXA_SMARTIO is not set CONFIG_MPTCP_IPV6=y -CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MTRR_SANITIZER=y +# CONFIG_MSE102X is not set +# CONFIG_MSHV_ROOT is not set +# CONFIG_MSI_EC is not set +# CONFIG_MSI_LAPTOP is not set +# CONFIG_MSI_WMI_PLATFORM is not set +# CONFIG_MT7601U is not set +# CONFIG_MT7603E is not set +# CONFIG_MT7615E is not set +# CONFIG_MT7663S is not set +# CONFIG_MT7663U is not set +# CONFIG_MT76x0E is not set +# CONFIG_MT76x0U is not set +# CONFIG_MT76x2E is not set +# CONFIG_MT76x2U is not set +# CONFIG_MT7915E is not set +# CONFIG_MT7921E is not set +# CONFIG_MT7921S is not set +# CONFIG_MT7921U is not set +# CONFIG_MT7925E is not set +# CONFIG_MT7925U is not set +# CONFIG_MT7996E is not set +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +# CONFIG_MWIFIEX is not set +# CONFIG_MWL8K is not set +# CONFIG_MYRI10GE is not set +# CONFIG_NATSEMI is not set CONFIG_NCSI_OEM_CMD_GET_MAC=y +# CONFIG_NCSI_OEM_CMD_KEEP_PHY is not set +CONFIG_ND_BTT=y CONFIG_ND_CLAIM=y +CONFIG_ND_PFN=y +# CONFIG_NE2K_PCI is not set CONFIG_NEED_TASKS_RCU=y -CONFIG_NETFILTER_EGRESS=y -CONFIG_NETFILTER_INGRESS=y +# CONFIG_NETCONSOLE_DYNAMIC is not set +# CONFIG_NETDEVSIM is not set CONFIG_NETFILTER_SKIP_EGRESS=y +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set +# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set CONFIG_NETKIT=y CONFIG_NETLABEL=y -CONFIG_NETWORK_PHY_TIMESTAMPING=y -CONFIG_NETWORK_SECMARK=y +# CONFIG_NETXEN_NIC is not set +# CONFIG_NET_ACT_BPF is not set +# CONFIG_NET_ACT_CSUM is not set +# CONFIG_NET_ACT_GACT is not set +# CONFIG_NET_ACT_GATE is not set +# CONFIG_NET_ACT_IFE is not set +# CONFIG_NET_ACT_MIRRED is not set +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_NAT is not set +# CONFIG_NET_ACT_PEDIT is not set +# CONFIG_NET_ACT_POLICE is not set +# CONFIG_NET_ACT_SAMPLE is not set +# CONFIG_NET_ACT_SIMP is not set +# CONFIG_NET_ACT_SKBEDIT is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_TUNNEL_KEY is not set +# CONFIG_NET_ACT_VLAN is not set CONFIG_NET_CLS=y CONFIG_NET_CLS_ACT=y +# CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_BPF is not set +# CONFIG_NET_CLS_CGROUP is not set +# CONFIG_NET_CLS_FLOW is not set +# CONFIG_NET_CLS_FLOWER is not set +# CONFIG_NET_CLS_FW is not set +# CONFIG_NET_CLS_MATCHALL is not set +# CONFIG_NET_CLS_ROUTE4 is not set +# CONFIG_NET_CLS_U32 is not set CONFIG_NET_DEVMEM=y CONFIG_NET_DROP_MONITOR=y -CONFIG_NET_EMATCH=y -CONFIG_NET_FC=y -CONFIG_NET_L3_MASTER_DEV=y -CONFIG_NET_NCSI=y -CONFIG_NET_PTP_CLASSIFY=y -CONFIG_NET_SCHED=y -CONFIG_NET_SCH_FIFO=y -CONFIG_NET_SELFTESTS=y -CONFIG_NET_SWITCHDEV=y -CONFIG_NET_TC_SKB_EXT=y -CONFIG_NET_TULIP=y -CONFIG_NET_VENDOR_8390=y -CONFIG_NET_VENDOR_ADAPTEC=y -CONFIG_NET_VENDOR_ADI=y -CONFIG_NET_VENDOR_AGERE=y -CONFIG_NET_VENDOR_ALACRITECH=y -CONFIG_NET_VENDOR_ALTEON=y -CONFIG_NET_VENDOR_AMAZON=y -CONFIG_NET_VENDOR_AQUANTIA=y -CONFIG_NET_VENDOR_ARC=y -CONFIG_NET_VENDOR_ASIX=y -CONFIG_NET_VENDOR_BROCADE=y -CONFIG_NET_VENDOR_CADENCE=y -CONFIG_NET_VENDOR_CAVIUM=y -CONFIG_NET_VENDOR_CHELSIO=y -CONFIG_NET_VENDOR_CISCO=y -CONFIG_NET_VENDOR_CORTINA=y -CONFIG_NET_VENDOR_DAVICOM=y -CONFIG_NET_VENDOR_DEC=y -CONFIG_NET_VENDOR_EMULEX=y -CONFIG_NET_VENDOR_ENGLEDER=y -CONFIG_NET_VENDOR_EZCHIP=y -CONFIG_NET_VENDOR_FUNGIBLE=y -CONFIG_NET_VENDOR_HUAWEI=y -CONFIG_NET_VENDOR_I825XX=y -CONFIG_NET_VENDOR_LITEX=y -CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_NET_EMATCH=y +# CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_IPT is not set +# CONFIG_NET_EMATCH_META is not set +# CONFIG_NET_EMATCH_NBYTE is not set +CONFIG_NET_EMATCH_STACK=32 +# CONFIG_NET_EMATCH_TEXT is not set +# CONFIG_NET_EMATCH_U32 is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NET_SCH_CAKE is not set +# CONFIG_NET_SCH_CBS is not set +# CONFIG_NET_SCH_CHOKE is not set +# CONFIG_NET_SCH_CODEL is not set +# CONFIG_NET_SCH_DEFAULT is not set +# CONFIG_NET_SCH_DRR is not set +# CONFIG_NET_SCH_ETF is not set +# CONFIG_NET_SCH_ETS is not set +CONFIG_NET_SCH_FIFO=y +# CONFIG_NET_SCH_FQ is not set +# CONFIG_NET_SCH_FQ_CODEL is not set +# CONFIG_NET_SCH_GRED is not set +# CONFIG_NET_SCH_HFSC is not set +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_HTB is not set +# CONFIG_NET_SCH_INGRESS is not set +# CONFIG_NET_SCH_MQPRIO is not set +# CONFIG_NET_SCH_MULTIQ is not set +# CONFIG_NET_SCH_NETEM is not set +# CONFIG_NET_SCH_PIE is not set +# CONFIG_NET_SCH_PLUG is not set +# CONFIG_NET_SCH_PRIO is not set +# CONFIG_NET_SCH_QFQ is not set +# CONFIG_NET_SCH_RED is not set +# CONFIG_NET_SCH_SFB is not set +# CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_SKBPRIO is not set +# CONFIG_NET_SCH_TAPRIO is not set +# CONFIG_NET_SCH_TBF is not set +# CONFIG_NET_SCH_TEQL is not set +CONFIG_NET_TC_SKB_EXT=y +CONFIG_NET_TULIP=y +CONFIG_NET_VENDOR_8390=y +CONFIG_NET_VENDOR_ADI=y +CONFIG_NET_VENDOR_HISILICON=y CONFIG_NET_VENDOR_META=y -CONFIG_NET_VENDOR_MICREL=y -CONFIG_NET_VENDOR_MICROCHIP=y -CONFIG_NET_VENDOR_MICROSEMI=y -CONFIG_NET_VENDOR_MICROSOFT=y -CONFIG_NET_VENDOR_MYRI=y -CONFIG_NET_VENDOR_NATSEMI=y -CONFIG_NET_VENDOR_NETERION=y -CONFIG_NET_VENDOR_NETRONOME=y -CONFIG_NET_VENDOR_NI=y -CONFIG_NET_VENDOR_NVIDIA=y -CONFIG_NET_VENDOR_OKI=y -CONFIG_NET_VENDOR_PACKET_ENGINES=y -CONFIG_NET_VENDOR_PENSANDO=y -CONFIG_NET_VENDOR_QLOGIC=y -CONFIG_NET_VENDOR_QUALCOMM=y -CONFIG_NET_VENDOR_RDC=y -CONFIG_NET_VENDOR_RENESAS=y -CONFIG_NET_VENDOR_ROCKER=y -CONFIG_NET_VENDOR_SAMSUNG=y -CONFIG_NET_VENDOR_SEEQ=y -CONFIG_NET_VENDOR_SILAN=y -CONFIG_NET_VENDOR_SIS=y -CONFIG_NET_VENDOR_SMSC=y -CONFIG_NET_VENDOR_SOCIONEXT=y -CONFIG_NET_VENDOR_SOLARFLARE=y -CONFIG_NET_VENDOR_STMICRO=y -CONFIG_NET_VENDOR_SUN=y -CONFIG_NET_VENDOR_SYNOPSYS=y -CONFIG_NET_VENDOR_TEHUTI=y -CONFIG_NET_VENDOR_TI=y -CONFIG_NET_VENDOR_VERTEXCOM=y -CONFIG_NET_VENDOR_VIA=y -CONFIG_NET_VENDOR_WANGXUN=y -CONFIG_NET_VENDOR_WIZNET=y -CONFIG_NET_VENDOR_XILINX=y -CONFIG_NMI_CHECK_CPU=y +# CONFIG_NET_VRF is not set +# CONFIG_NFP is not set +# CONFIG_NFS_FSCACHE is not set +# CONFIG_NF_CONNTRACK_SECMARK is not set +# CONFIG_NGBE is not set +# CONFIG_NIU is not set +# CONFIG_NI_XGE_MANAGEMENT_ENET is not set +CONFIG_NODES_SHIFT=10 CONFIG_NOP_TRACER=y -CONFIG_NO_HZ_FULL=y -CONFIG_NUMA=y +# CONFIG_NO_PAGE_MAPCOUNT is not set +# CONFIG_NS83820 is not set +# CONFIG_NSM is not set +# CONFIG_NTSYNC is not set CONFIG_NUMA_BALANCING=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y +# CONFIG_NUMA_EMU is not set CONFIG_NUMA_KEEP_MEMINFO=y CONFIG_NUMA_MEMBLKS=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_KEYS=y CONFIG_NVDIMM_PFN=y +# CONFIG_NVDIMM_SECURITY_TEST is not set +# CONFIG_NVMEM_LAYOUTS is not set +# CONFIG_NVME_HOST_AUTH is not set +# CONFIG_NVME_HWMON is not set +# CONFIG_NVME_TARGET is not set +# CONFIG_NVSW_SN2201 is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_N_HDLC is not set +# CONFIG_OBJTOOL_WERROR is not set +# CONFIG_OCFS2_FS is not set +# CONFIG_OCTEON_EP_VF is not set +# CONFIG_OMFS_FS is not set CONFIG_OPTPROBES=y -CONFIG_OSF_PARTITION=y +# CONFIG_ORANGEFS_FS is not set CONFIG_OSNOISE_TRACER=y -CONFIG_PACKING=y +# CONFIG_P54_COMMON is not set CONFIG_PADATA=y CONFIG_PAGE_IDLE_FLAG=y -CONFIG_PAGE_POISONING=y -CONFIG_PAGE_POOL_STATS=y +CONFIG_PAGE_MAPCOUNT=y +CONFIG_PAGE_SHIFT=12 CONFIG_PAGE_SIZE_4KB=y CONFIG_PARAVIRT_XXL=y -CONFIG_PATA_SIS=y +# CONFIG_PARPORT_PANEL is not set CONFIG_PC104=y CONFIG_PCC=y -CONFIG_PCIEAER=y +# CONFIG_PCENGINES_APU2 is not set +# CONFIG_PCIEAER_INJECT is not set CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_PEER2PEER is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_TUNE_OFF is not set CONFIG_PCIE_DPC=y CONFIG_PCIE_DW=y +# CONFIG_PCIE_DW_DEBUGFS is not set CONFIG_PCIE_DW_EP=y CONFIG_PCIE_DW_HOST=y CONFIG_PCIE_DW_PLAT=y CONFIG_PCIE_DW_PLAT_EP=y -CONFIG_PCIE_DW_PLAT_HOST=y +# CONFIG_PCIE_ECRC is not set CONFIG_PCIE_EDR=y -CONFIG_PCIE_PTM=y CONFIG_PCIE_THERMAL=y CONFIG_PCIE_TPH=y -CONFIG_PCI_ENDPOINT=y +# CONFIG_PCI_DOE is not set CONFIG_PCI_ENDPOINT_CONFIGFS=y -CONFIG_PCI_MMCONFIG=y +# CONFIG_PCI_EPF_NTB is not set +# CONFIG_PCI_EPF_TEST is not set CONFIG_PCI_NPEM=y CONFIG_PCI_P2PDMA=y -CONFIG_PCI_PASID=y -CONFIG_PCI_PRI=y -CONFIG_PCI_REALLOC_ENABLE_AUTO=y +# CONFIG_PCI_PWRCTL_SLOT is not set CONFIG_PCI_XEN=y -CONFIG_PCPU_DEV_REFCNT=y -CONFIG_PERF_EVENTS_AMD_BRS=y -CONFIG_PERF_EVENTS_INTEL_UNCORE=y -CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_PCP_BATCH_SCALE_MAX=5 +# CONFIG_PCS_XPCS is not set +# CONFIG_PFCP is not set CONFIG_PGTABLE_HAS_HUGE_LEAVES=y -CONFIG_PHYLIB=y +# CONFIG_PHY_SAMSUNG_USB2 is not set CONFIG_PINCONF=y -CONFIG_PINCTRL_AMD=y -CONFIG_PINCTRL_BAYTRAIL=y -CONFIG_PINCTRL_CHERRYVIEW=y CONFIG_PINCTRL_INTEL=y -CONFIG_PINCTRL_SX150X=y +# CONFIG_PINCTRL_INTEL_PLATFORM is not set +# CONFIG_PINCTRL_METEORPOINT is not set CONFIG_PINMUX=y -CONFIG_PMIC_ADP5520=y -CONFIG_PMIC_DA903X=y +# CONFIG_PLFXLC is not set +# CONFIG_PLX_DMA is not set +# CONFIG_PMBUS is not set CONFIG_PMIC_DA9052=y -CONFIG_PMIC_OPREGION=y -CONFIG_PM_DEVFREQ=y +# CONFIG_PM_AUTOSLEEP is not set CONFIG_PM_DEVFREQ_EVENT=y CONFIG_PM_OPP=y CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_DEBUG=y CONFIG_PM_SLEEP_SMP=y +CONFIG_PM_STD_PARTITION="" +# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set CONFIG_PM_WAKELOCKS=y CONFIG_PM_WAKELOCKS_GC=y -CONFIG_POWERCAP=y -CONFIG_POWER_RESET=y +CONFIG_PM_WAKELOCKS_LIMIT=100 CONFIG_POWER_RESET_RESTART=y +# CONFIG_POWER_SEQUENCING is not set CONFIG_POWER_SUPPLY_HWMON=y -CONFIG_PPP=y +# CONFIG_PPPOE is not set +CONFIG_PPPOE_HASH_BITS=4 +# CONFIG_PPP_ASYNC is not set +# CONFIG_PPP_BSDCOMP is not set +# CONFIG_PPP_DEFLATE is not set CONFIG_PPP_FILTER=y +# CONFIG_PPP_MPPE is not set CONFIG_PPP_MULTILINK=y -CONFIG_PPS=y -CONFIG_PREEMPT_DYNAMIC=y -CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PPP_SYNC_TTY is not set +# CONFIG_PPS_CLIENT_GPIO is not set +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_PARPORT is not set +# CONFIG_PPS_DEBUG is not set +# CONFIG_PPS_GENERATOR is not set +# CONFIG_PREEMPT_LAZY is not set +# CONFIG_PREEMPT_RT is not set +# CONFIG_PREEMPT_TRACER is not set CONFIG_PREFIX_SYMBOLS=y +# CONFIG_PRINTK_INDEX is not set CONFIG_PROBE_EVENTS=y -CONFIG_PROBE_EVENTS_BTF_ARGS=y CONFIG_PROCESSOR_SELECT=y CONFIG_PROC_CPU_RESCTRL=y -CONFIG_PROC_EVENTS=y CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_PROC_VMCORE=y CONFIG_PROC_VMCORE_DEVICE_DUMP=y -CONFIG_PROFILING=y -CONFIG_PSE_CONTROLLER=y -CONFIG_PSI=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PSE_PD692X0 is not set +# CONFIG_PSE_REGULATOR is not set +# CONFIG_PSE_TPS23881 is not set +# CONFIG_PSI_DEFAULT_DISABLED is not set CONFIG_PSTORE=y +# CONFIG_PSTORE_BLK is not set CONFIG_PSTORE_COMPRESS=y -CONFIG_PTDUMP_CORE=y +# CONFIG_PSTORE_CONSOLE is not set +CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240 +# CONFIG_PSTORE_FTRACE is not set +# CONFIG_PSTORE_PMSG is not set +# CONFIG_PSTORE_RAM is not set +CONFIG_PTDUMP=y +# CONFIG_PTDUMP_DEBUGFS is not set CONFIG_PTE_MARKER_UFFD_WP=y -CONFIG_PTP_1588_CLOCK=y -CONFIG_PVH=y -CONFIG_PVPANIC=y -CONFIG_PWM=y +# CONFIG_PTP_1588_CLOCK_FC3W is not set +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_INES is not set +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_MOCK is not set +CONFIG_PTP_1588_CLOCK_VMCLOCK=y +# CONFIG_PTP_1588_CLOCK_VMW is not set +CONFIG_PT_RECLAIM=y +# CONFIG_PVPANIC_MMIO is not set +# CONFIG_PVPANIC_PCI is not set +# CONFIG_PWM_CLK is not set CONFIG_PWM_CRC=y +# CONFIG_PWM_DEBUG is not set +# CONFIG_PWM_DWC is not set +# CONFIG_PWM_GPIO is not set CONFIG_PWM_LPSS=y CONFIG_PWM_LPSS_PCI=y CONFIG_PWM_LPSS_PLATFORM=y -CONFIG_QUOTA=y +# CONFIG_PWM_PCA9685 is not set +# CONFIG_PWM_TWL is not set +# CONFIG_PWM_TWL_LED is not set +# CONFIG_QCA808X_PHY is not set +# CONFIG_QCA83XX_PHY is not set +# CONFIG_QCOM_EMAC is not set +# CONFIG_QCOM_HIDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QED is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_QTNFMAC_PCIE is not set CONFIG_QUOTACTL=y +# CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_NETLINK_INTERFACE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +# CONFIG_R6040 is not set CONFIG_RANDOMIZE_MEMORY=y -CONFIG_RANDOM_KMALLOC_CACHES=y -CONFIG_RAPIDIO=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +# CONFIG_RAPIDIO_CHMAN is not set +# CONFIG_RAPIDIO_CPS_GEN2 is not set +# CONFIG_RAPIDIO_CPS_XX is not set +# CONFIG_RAPIDIO_DEBUG is not set +CONFIG_RAPIDIO_DISC_TIMEOUT=30 CONFIG_RAPIDIO_DMA_ENGINE=y -CONFIG_RAS=y +# CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set +# CONFIG_RAPIDIO_ENUM_BASIC is not set +# CONFIG_RAPIDIO_MPORT_CDEV is not set +# CONFIG_RAPIDIO_RXS_GEN3 is not set +# CONFIG_RAPIDIO_TSI721 is not set CONFIG_RAS_CEC=y -CONFIG_RCU_CPU_STALL_CPUTIME=y +# CONFIG_RAS_CEC_DEBUG is not set +# CONFIG_RAVE_SP_CORE is not set +# CONFIG_RBTREE_TEST is not set CONFIG_RCU_LAZY=y CONFIG_RCU_LAZY_DEFAULT_OFF=y CONFIG_RCU_NOCB_CPU=y -CONFIG_RD_BZIP2=y -CONFIG_RD_LZ4=y -CONFIG_RD_LZMA=y -CONFIG_RD_LZO=y -CONFIG_RD_XZ=y -CONFIG_REGMAP_I2C=y +# CONFIG_RCU_NOCB_CPU_DEFAULT_ALL is not set +# CONFIG_READ_ONLY_THP_FOR_FS is not set +# CONFIG_REALTEK_PHY_HWMON is not set +# CONFIG_REED_SOLOMON_TEST is not set CONFIG_REGMAP_IRQ=y CONFIG_REGMAP_MMIO=y CONFIG_REGMAP_SPI=y -CONFIG_REGULATOR=y +# CONFIG_REGULATOR_88PG86X is not set +# CONFIG_REGULATOR_88PM8607 is not set +# CONFIG_REGULATOR_AAT2870 is not set +# CONFIG_REGULATOR_ACT8865 is not set +# CONFIG_REGULATOR_AD5398 is not set +# CONFIG_REGULATOR_AS3711 is not set +# CONFIG_REGULATOR_AW37503 is not set +# CONFIG_REGULATOR_DA903X is not set +# CONFIG_REGULATOR_DA9052 is not set +# CONFIG_REGULATOR_DA9055 is not set +# CONFIG_REGULATOR_DA9210 is not set +# CONFIG_REGULATOR_DA9211 is not set +# CONFIG_REGULATOR_DEBUG is not set +# CONFIG_REGULATOR_FAN53555 is not set +# CONFIG_REGULATOR_FIXED_VOLTAGE is not set +# CONFIG_REGULATOR_GPIO is not set +# CONFIG_REGULATOR_ISL6271A is not set +# CONFIG_REGULATOR_ISL9305 is not set +# CONFIG_REGULATOR_LP3971 is not set +# CONFIG_REGULATOR_LP3972 is not set +# CONFIG_REGULATOR_LP872X is not set +# CONFIG_REGULATOR_LP8755 is not set +# CONFIG_REGULATOR_LP8788 is not set +# CONFIG_REGULATOR_LTC3589 is not set +# CONFIG_REGULATOR_LTC3676 is not set +# CONFIG_REGULATOR_MAX14577 is not set +# CONFIG_REGULATOR_MAX1586 is not set +# CONFIG_REGULATOR_MAX20086 is not set +# CONFIG_REGULATOR_MAX20411 is not set +# CONFIG_REGULATOR_MAX77503 is not set +# CONFIG_REGULATOR_MAX77693 is not set +# CONFIG_REGULATOR_MAX77826 is not set +# CONFIG_REGULATOR_MAX77857 is not set +# CONFIG_REGULATOR_MAX8649 is not set +# CONFIG_REGULATOR_MAX8660 is not set +# CONFIG_REGULATOR_MAX8893 is not set +# CONFIG_REGULATOR_MAX8925 is not set +# CONFIG_REGULATOR_MAX8952 is not set +# CONFIG_REGULATOR_MAX8997 is not set +# CONFIG_REGULATOR_MAX8998 is not set +# CONFIG_REGULATOR_MP8859 is not set +# CONFIG_REGULATOR_MT6311 is not set CONFIG_REGULATOR_NETLINK_EVENTS=y -CONFIG_REMOTEPROC=y +# CONFIG_REGULATOR_PALMAS is not set +# CONFIG_REGULATOR_PCA9450 is not set +# CONFIG_REGULATOR_PCAP is not set +# CONFIG_REGULATOR_PF9453 is not set +# CONFIG_REGULATOR_PV88060 is not set +# CONFIG_REGULATOR_PV88080 is not set +# CONFIG_REGULATOR_PV88090 is not set +# CONFIG_REGULATOR_PWM is not set +# CONFIG_REGULATOR_RAA215300 is not set +# CONFIG_REGULATOR_RC5T583 is not set +# CONFIG_REGULATOR_RT4801 is not set +# CONFIG_REGULATOR_RT4803 is not set +# CONFIG_REGULATOR_RT5190A is not set +# CONFIG_REGULATOR_RT5739 is not set +# CONFIG_REGULATOR_RT5759 is not set +# CONFIG_REGULATOR_RT6160 is not set +# CONFIG_REGULATOR_RT6190 is not set +# CONFIG_REGULATOR_RT6245 is not set +# CONFIG_REGULATOR_RTMV20 is not set +# CONFIG_REGULATOR_RTQ2134 is not set +# CONFIG_REGULATOR_RTQ2208 is not set +# CONFIG_REGULATOR_RTQ6752 is not set +# CONFIG_REGULATOR_SLG51000 is not set +# CONFIG_REGULATOR_TPS51632 is not set +# CONFIG_REGULATOR_TPS62360 is not set +# CONFIG_REGULATOR_TPS65023 is not set +# CONFIG_REGULATOR_TPS6507X is not set +# CONFIG_REGULATOR_TPS65090 is not set +# CONFIG_REGULATOR_TPS65132 is not set +# CONFIG_REGULATOR_TPS6524X is not set +# CONFIG_REGULATOR_TPS6586X is not set +# CONFIG_REGULATOR_TPS65910 is not set +# CONFIG_REGULATOR_TPS65912 is not set +# CONFIG_REGULATOR_TWL4030 is not set +# CONFIG_REGULATOR_USERSPACE_CONSUMER is not set +# CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set +# CONFIG_REGULATOR_WM831X is not set +# CONFIG_REGULATOR_WM8350 is not set +# CONFIG_REGULATOR_WM8400 is not set CONFIG_REMOTEPROC_CDEV=y -CONFIG_RESET_ATTACK_MITIGATION=y -CONFIG_RESET_CONTROLLER=y +CONFIG_RESCTRL_FS_PSEUDO_LOCK=y +# CONFIG_RESET_GPIO is not set CONFIG_RESET_SIMPLE=y +# CONFIG_RESET_TI_SYSCON is not set +# CONFIG_RESET_TI_TPS380X is not set CONFIG_RETHOOK=y -CONFIG_RFKILL=y +# CONFIG_RFKILL_GPIO is not set CONFIG_RFKILL_INPUT=y CONFIG_RFKILL_LEDS=y CONFIG_RING_BUFFER=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_INTF_DEV=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_NVMEM=y -CONFIG_RTC_SYSTOHC=y -CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_RING_BUFFER_BENCHMARK is not set +# CONFIG_RING_BUFFER_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set +# CONFIG_RIONET is not set +# CONFIG_RMNET is not set +# CONFIG_ROCKER is not set +# CONFIG_ROMFS_FS is not set +CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y +# CONFIG_RPMB is not set +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RSI_91X is not set +# CONFIG_RT2X00 is not set +# CONFIG_RTASE is not set +# CONFIG_RTC_DRV_88PM860X is not set +# CONFIG_RTC_DRV_DA9052 is not set +# CONFIG_RTC_DRV_DA9055 is not set +# CONFIG_RTC_DRV_DA9063 is not set +# CONFIG_RTC_DRV_DS1302 is not set +# CONFIG_RTC_DRV_DS1305 is not set +# CONFIG_RTC_DRV_DS1343 is not set +# CONFIG_RTC_DRV_DS1347 is not set +# CONFIG_RTC_DRV_DS1390 is not set +# CONFIG_RTC_DRV_LP8788 is not set +# CONFIG_RTC_DRV_M41T93 is not set +# CONFIG_RTC_DRV_M41T94 is not set +# CONFIG_RTC_DRV_MAX31335 is not set +# CONFIG_RTC_DRV_MAX6902 is not set +# CONFIG_RTC_DRV_MAX6916 is not set +# CONFIG_RTC_DRV_MAX8925 is not set +# CONFIG_RTC_DRV_MAX8997 is not set +# CONFIG_RTC_DRV_MAX8998 is not set +# CONFIG_RTC_DRV_MCP795 is not set +# CONFIG_RTC_DRV_PALMAS is not set +# CONFIG_RTC_DRV_PCAP is not set +# CONFIG_RTC_DRV_PCF2123 is not set +# CONFIG_RTC_DRV_R9701 is not set +# CONFIG_RTC_DRV_RC5T583 is not set +# CONFIG_RTC_DRV_RS5C348 is not set +# CONFIG_RTC_DRV_RX4581 is not set +# CONFIG_RTC_DRV_RX8111 is not set +# CONFIG_RTC_DRV_SD2405AL is not set +# CONFIG_RTC_DRV_TPS6586X is not set +# CONFIG_RTC_DRV_TPS65910 is not set +# CONFIG_RTC_DRV_WM831X is not set +# CONFIG_RTC_DRV_WM8350 is not set +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTL8180 is not set +# CONFIG_RTL8187 is not set +# CONFIG_RTL8188EE is not set +# CONFIG_RTL8192CE is not set +# CONFIG_RTL8192CU is not set +# CONFIG_RTL8192DE is not set +# CONFIG_RTL8192DU is not set +# CONFIG_RTL8192EE is not set +# CONFIG_RTL8192SE is not set +# CONFIG_RTL8723AE is not set +# CONFIG_RTL8723BE is not set +# CONFIG_RTL8821AE is not set +# CONFIG_RTL8XXXU is not set +CONFIG_RTL_CARDS=y +# CONFIG_RTW88 is not set +# CONFIG_RTW89 is not set +CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=0 CONFIG_RV=y +# CONFIG_RV_MON_SCHED is not set CONFIG_RV_MON_WWNR=y CONFIG_RV_REACTORS=y CONFIG_RV_REACT_PANIC=y CONFIG_RV_REACT_PRINTK=y -CONFIG_SAMPLES=y -CONFIG_SATA_PMP=y -CONFIG_SATA_ZPODD=y -CONFIG_SCHEDSTATS=y -CONFIG_SCHED_AUTOGROUP=y -CONFIG_SCHED_CLASS_EXT=y -CONFIG_SCHED_CLUSTER=y -CONFIG_SCHED_CORE=y -CONFIG_SCHED_DEBUG=y +# CONFIG_S2IO is not set +# CONFIG_SAMPLE_AUXDISPLAY is not set +# CONFIG_SAMPLE_FTRACE_OPS is not set +# CONFIG_SAMPLE_HUNG_TASK is not set +# CONFIG_SAMPLE_KOBJECT is not set +# CONFIG_SAMPLE_VFIO_MDEV_MDPY_FB is not set +# CONFIG_SAMPLE_WATCHDOG is not set +# CONFIG_SAMSUNG_GALAXYBOOK is not set +# CONFIG_SATA_DWC is not set +# CONFIG_SC92031 is not set CONFIG_SCHED_HRTICK=y CONFIG_SCHED_INFO=y -CONFIG_SCHED_MC=y CONFIG_SCHED_MC_PRIO=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -CONFIG_SCHED_STACK_END_CHECK=y CONFIG_SCHED_TRACER=y CONFIG_SCREEN_INFO=y -CONFIG_SCSI_CONSTANTS=y -CONFIG_SCSI_DH=y -CONFIG_SCSI_LOGGING=y -CONFIG_SCSI_PROC_FS=y -CONFIG_SCSI_SCAN_ASYNC=y -CONFIG_SECONDARY_TRUSTED_KEYRING=y -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -CONFIG_SECURITY=y +# CONFIG_SCSI_DH_ALUA is not set +# CONFIG_SCSI_DH_EMC is not set +# CONFIG_SCSI_DH_HP_SW is not set +# CONFIG_SCSI_DH_RDAC is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING_SIGNED_BY_BUILTIN is not set CONFIG_SECURITY_APPARMOR=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y -CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y +# CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y CONFIG_SECURITY_NETWORK=y @@ -912,57 +2226,296 @@ CONFIG_SECURITY_SAFESETID=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y +# CONFIG_SECURITY_SELINUX_DEBUG is not set CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 +CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y +# CONFIG_SECURITY_SMACK_BRINGUP is not set CONFIG_SECURITY_SMACK_NETFILTER=y CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" CONFIG_SECURITY_YAMA=y -CONFIG_SERIAL_8250_16550A_VARIANTS=y +# CONFIG_SEG_LED_GPIO is not set +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_AD7314 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADCXX is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_ADS7871 is not set +# CONFIG_SENSORS_ADT7310 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_ASUS_EC is not set +# CONFIG_SENSORS_ASUS_ROG_RYUJIN is not set +# CONFIG_SENSORS_ASUS_WMI is not set +# CONFIG_SENSORS_ATK0110 is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +# CONFIG_SENSORS_CHIPCAP2 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DA9052_ADC is not set +# CONFIG_SENSORS_DA9055 is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS1621 is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC2305 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_FTSTEUTATES is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_GIGABYTE_WATERFORCE is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_HP_WMI is not set +# CONFIG_SENSORS_HS3001 is not set +# CONFIG_SENSORS_HTU31 is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA238 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_ISL28022 is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_LENOVO_EC is not set +# CONFIG_SENSORS_LINEAGE is not set +CONFIG_SENSORS_LIS3LV02D=y +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM70 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2947_SPI is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC2991 is not set +# CONFIG_SENSORS_LTC2992 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_LTC4282 is not set +# CONFIG_SENSORS_MAX1111 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31722 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX31760 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MAX6620 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MC34VR500 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_MLXREG_FAN is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT6775_I2C is not set +# CONFIG_SENSORS_NCT7363 is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_NZXT_KRAKEN3 is not set +# CONFIG_SENSORS_NZXT_SMART2 is not set +# CONFIG_SENSORS_OCC_P8_I2C is not set +# CONFIG_SENSORS_OXP is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_SENSORS_POWERZ is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_PT5161L is not set +# CONFIG_SENSORS_PWM_FAN is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SCH5627 is not set +# CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_SHT15 is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SPD5118 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP464 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_WM831X is not set +# CONFIG_SENSORS_WM8350 is not set +# CONFIG_SENSORS_XGENE is not set +# CONFIG_SERIAL_8250_DETECT_IRQ is not set CONFIG_SERIAL_8250_DMA=y -CONFIG_SERIAL_8250_EXTENDED=y -CONFIG_SERIAL_8250_FINTEK=y CONFIG_SERIAL_8250_MANY_PORTS=y -CONFIG_SERIAL_8250_MID=y +# CONFIG_SERIAL_8250_NI is not set CONFIG_SERIAL_8250_RSA=y -CONFIG_SERIAL_8250_RT288X=y CONFIG_SERIAL_8250_SHARE_IRQ=y -CONFIG_SERIAL_DEV_BUS=y CONFIG_SERIAL_DEV_CTRL_TTYPORT=y -CONFIG_SERIAL_KGDB_NMI=y +# CONFIG_SERIAL_MAX3100 is not set CONFIG_SERIAL_MAX310X=y CONFIG_SERIAL_MCTRL_GPIO=y -CONFIG_SERIAL_NONSTANDARD=y -CONFIG_SERIAL_SCCNXP=y +# CONFIG_SERIAL_MULTI_INSTANTIATE is not set CONFIG_SERIAL_SCCNXP_CONSOLE=y -CONFIG_SGI_PARTITION=y -CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +# CONFIG_SERIO_GPIO_PS2 is not set +CONFIG_SEV_GUEST=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +# CONFIG_SFC_SIENA is not set +# CONFIG_SF_PDMA is not set +# CONFIG_SGI_GRU is not set +# CONFIG_SGI_XP is not set +# CONFIG_SHRINKER_DEBUG is not set CONFIG_SIGNATURE=y -CONFIG_SIGNED_PE_FILE_VERIFICATION=y +# CONFIG_SIS190 is not set +# CONFIG_SIS900 is not set +# CONFIG_SKFP is not set +# CONFIG_SKGE_DEBUG is not set +# CONFIG_SKY2_DEBUG is not set CONFIG_SLAB_BUCKETS=y -CONFIG_SLAB_FREELIST_HARDENED=y -CONFIG_SLAB_FREELIST_RANDOM=y -CONFIG_SLAB_MERGE_DEFAULT=y CONFIG_SLAB_OBJ_EXT=y CONFIG_SLHC=y -CONFIG_SLUB_CPU_PARTIAL=y -CONFIG_SOC_TI=y -CONFIG_SOFTLOCKUP_DETECTOR=y -CONFIG_SOLARIS_X86_PARTITION=y -CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_SPI=y +# CONFIG_SLICOSS is not set +# CONFIG_SLUB_TINY is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +# CONFIG_SONY_LAPTOP is not set +CONFIG_SPARSEMEM_VMEMMAP_PREINIT=y +# CONFIG_SPEAKUP is not set +# CONFIG_SPI_ALTERA is not set +# CONFIG_SPI_AMD is not set +# CONFIG_SPI_AX88796C is not set +# CONFIG_SPI_AXI_SPI_ENGINE is not set +# CONFIG_SPI_BITBANG is not set +# CONFIG_SPI_BUTTERFLY is not set +# CONFIG_SPI_CADENCE is not set +# CONFIG_SPI_CH341 is not set +# CONFIG_SPI_DEBUG is not set +# CONFIG_SPI_DESIGNWARE is not set CONFIG_SPI_DYNAMIC=y +# CONFIG_SPI_GPIO is not set +# CONFIG_SPI_INTEL_PCI is not set +# CONFIG_SPI_INTEL_PLATFORM is not set +# CONFIG_SPI_LANTIQ_SSC is not set +# CONFIG_SPI_LM70_LLP is not set CONFIG_SPI_MASTER=y CONFIG_SPI_MEM=y +# CONFIG_SPI_MICROCHIP_CORE is not set +# CONFIG_SPI_MICROCHIP_CORE_QSPI is not set +# CONFIG_SPI_MUX is not set +# CONFIG_SPI_MXIC is not set +# CONFIG_SPI_OC_TINY is not set +# CONFIG_SPI_PCI1XXXX is not set +# CONFIG_SPI_PXA2XX is not set +# CONFIG_SPI_SC18IS602 is not set +# CONFIG_SPI_SIFIVE is not set CONFIG_SPI_SLAVE=y +# CONFIG_SPI_SLAVE_SYSTEM_CONTROL is not set +# CONFIG_SPI_SLAVE_TIME is not set +# CONFIG_SPI_SPIDEV is not set +# CONFIG_SPI_TLE62X0 is not set +# CONFIG_SPI_XCOMM is not set +# CONFIG_SPI_XILINX is not set +# CONFIG_SPI_ZYNQMP_GQSPI is not set CONFIG_SPLIT_PMD_PTLOCKS=y CONFIG_SPLIT_PTE_PTLOCKS=y CONFIG_SQUASHFS=y +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set CONFIG_SQUASHFS_CHOICE_DECOMP_BY_MOUNT=y CONFIG_SQUASHFS_DECOMP_MULTI=y CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_EMBEDDED is not set +# CONFIG_SQUASHFS_FILE_CACHE is not set CONFIG_SQUASHFS_FILE_DIRECT=y +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 CONFIG_SQUASHFS_LZ4=y CONFIG_SQUASHFS_LZO=y CONFIG_SQUASHFS_MOUNT_DECOMP_THREADS=y @@ -970,187 +2523,277 @@ CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_XZ=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_ZSTD=y -CONFIG_SRAM=y -CONFIG_STACKPROTECTOR=y +# CONFIG_SSIF_IPMI_BMC is not set +CONFIG_STACKDEPOT_MAX_FRAMES=64 CONFIG_STACKPROTECTOR_STRONG=y CONFIG_STACK_TRACER=y -CONFIG_STACK_VALIDATION=y -CONFIG_STAGING=y CONFIG_STAGING_MEDIA=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STMMAC_ETH is not set CONFIG_STREAM_PARSER=y CONFIG_STRICT_DEVMEM=y -CONFIG_SUN_PARTITION=y -CONFIG_SURFACE_PLATFORMS=y -CONFIG_SUSPEND=y +# CONFIG_SUNGEM is not set +# CONFIG_SURFACE3_WMI is not set +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_AGGREGATOR is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_HOTPLUG is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set CONFIG_SUSPEND_FREEZER=y -CONFIG_SWIOTLB_DYNAMIC=y +# CONFIG_SUSPEND_SKIP_SYNC is not set CONFIG_SWIOTLB_XEN=y CONFIG_SW_SYNC=y -CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_SXGBE_ETH is not set CONFIG_SYNTH_EVENTS=y -CONFIG_SYSFB_SIMPLEFB=y -CONFIG_SYSTEM_BLACKLIST_KEYRING=y -CONFIG_SYSTEM_EXTRA_CERTIFICATE=y +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE is not set +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_REVOCATION_KEYS="" CONFIG_SYSTEM_REVOCATION_LIST=y -CONFIG_SYSV68_PARTITION=y CONFIG_SYS_HYPERVISOR=y -CONFIG_TASKSTATS=y CONFIG_TASKS_RUDE_RCU=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_IO_ACCOUNTING=y CONFIG_TASK_XACCT=y +# CONFIG_TCG_TIS_SPI is not set +# CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TPM2_HMAC=y +# CONFIG_TCG_XEN is not set CONFIG_TCP_AO=y -CONFIG_TCP_CONG_ADVANCED=y -CONFIG_TCP_MD5SIG=y +# CONFIG_TCP_CONG_BBR is not set +CONFIG_TCP_CONG_BIC=y +# CONFIG_TCP_CONG_CDG is not set +# CONFIG_TCP_CONG_DCTCP is not set +# CONFIG_TCP_CONG_HSTCP is not set +CONFIG_TCP_CONG_HTCP=y +# CONFIG_TCP_CONG_HYBLA is not set +# CONFIG_TCP_CONG_ILLINOIS is not set +# CONFIG_TCP_CONG_LP is not set +# CONFIG_TCP_CONG_NV is not set +# CONFIG_TCP_CONG_SCALABLE is not set +# CONFIG_TCP_CONG_VEGAS is not set +# CONFIG_TCP_CONG_VENO is not set +CONFIG_TCP_CONG_WESTWOOD=y +# CONFIG_TCP_CONG_YEAH is not set CONFIG_TCP_SIGPOOL=y -CONFIG_THERMAL_EMULATION=y -CONFIG_THERMAL_GOV_BANG_BANG=y -CONFIG_THERMAL_GOV_FAIR_SHARE=y +# CONFIG_TEHUTI is not set +# CONFIG_TEHUTI_TN40 is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +# CONFIG_TEST_DHRY is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_TEST_DYNAMIC_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_HMM is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_MULDIV64 is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_THERMAL_CORE_TESTING is not set +# CONFIG_THERMAL_DEBUGFS is not set +# CONFIG_THERMAL_DEFAULT_GOV_BANG_BANG is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set CONFIG_THERMAL_GOV_POWER_ALLOCATOR=y -CONFIG_THERMAL_GOV_USER_SPACE=y CONFIG_THERMAL_HWMON=y -CONFIG_THERMAL_NETLINK=y -CONFIG_THERMAL_STATISTICS=y +# CONFIG_THINKPAD_ACPI is not set CONFIG_THP_SWAP=y +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_THUNDER_NIC_VF is not set +CONFIG_TIGON3_HWMON=y CONFIG_TIMERLAT_TRACER=y -CONFIG_TMPFS_INODE64=y -CONFIG_TMPFS_POSIX_ACL=y -CONFIG_TMPFS_QUOTA=y -CONFIG_TOUCHSCREEN_ELAN=y +# CONFIG_TINYDRM_HX8357D is not set +# CONFIG_TINYDRM_ILI9163 is not set +# CONFIG_TINYDRM_ILI9225 is not set +# CONFIG_TINYDRM_ILI9341 is not set +# CONFIG_TINYDRM_ILI9486 is not set +# CONFIG_TINYDRM_MI0283QT is not set +# CONFIG_TINYDRM_REPAPER is not set +# CONFIG_TINYDRM_SHARP_MEMORY is not set +# CONFIG_TINYDRM_ST7586 is not set +# CONFIG_TINYDRM_ST7735R is not set +# CONFIG_TI_CPSW_PHY_SEL is not set +# CONFIG_TLAN is not set +# CONFIG_TOUCHSCREEN_88PM860X is not set +# CONFIG_TOUCHSCREEN_AD7877 is not set +# CONFIG_TOUCHSCREEN_ADS7846 is not set +# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set +# CONFIG_TOUCHSCREEN_CY8CTMG110 is not set +CONFIG_TOUCHSCREEN_DA9034=y +# CONFIG_TOUCHSCREEN_DA9052 is not set +# CONFIG_TOUCHSCREEN_GOODIX is not set +# CONFIG_TOUCHSCREEN_GOODIX_BERLIN_I2C is not set +# CONFIG_TOUCHSCREEN_GOODIX_BERLIN_SPI is not set +# CONFIG_TOUCHSCREEN_MSG2638 is not set +# CONFIG_TOUCHSCREEN_PCAP is not set +# CONFIG_TOUCHSCREEN_RM_TS is not set +# CONFIG_TOUCHSCREEN_SIS_I2C is not set +# CONFIG_TOUCHSCREEN_SURFACE3_SPI is not set +# CONFIG_TOUCHSCREEN_TSC2005 is not set +# CONFIG_TOUCHSCREEN_WM831X is not set +# CONFIG_TOUCHSCREEN_ZFORCE is not set +# CONFIG_TPS65010 is not set CONFIG_TRACEPOINTS=y +# CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_TRACER_MAX_TRACE=y CONFIG_TRACER_SNAPSHOT=y +# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set CONFIG_TRACE_CLOCK=y +# CONFIG_TRACE_EVAL_MAP_FILE is not set CONFIG_TRACE_EVENT_INJECT=y CONFIG_TRACING=y CONFIG_TRACING_MAP=y -CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y -CONFIG_TRUSTED_KEYS=y +# CONFIG_TRANSPARENT_HUGEPAGE_NEVER is not set CONFIG_TRUSTED_KEYS_TPM=y +CONFIG_TSM_REPORTS=y +# CONFIG_TSNEP is not set CONFIG_TTY_PRINTK=y -CONFIG_TWL4030_CORE=y -CONFIG_TWL6040_CORE=y -CONFIG_UBSAN=y +CONFIG_TTY_PRINTK_LEVEL=6 +# CONFIG_TULIP is not set +# CONFIG_TWL4030_WATCHDOG is not set +# CONFIG_TXGBE is not set +# CONFIG_UBSAN_ALIGNMENT is not set CONFIG_UBSAN_BOOL=y CONFIG_UBSAN_BOUNDS=y CONFIG_UBSAN_BOUNDS_STRICT=y +# CONFIG_UBSAN_DIV_ZERO is not set CONFIG_UBSAN_ENUM=y CONFIG_UBSAN_SHIFT=y -CONFIG_UBSAN_SIGNED_WRAP=y -CONFIG_UCLAMP_TASK=y +# CONFIG_UBSAN_TRAP is not set +CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_UCLAMP_TASK_GROUP=y -CONFIG_UDMABUF=y CONFIG_UEFI_CPER=y CONFIG_UEFI_CPER_X86=y -CONFIG_UEVENT_HELPER=y -CONFIG_ULTRIX_PARTITION=y -CONFIG_UNICODE=y +CONFIG_UEVENT_HELPER_PATH="" +# CONFIG_UFS_FS is not set +# CONFIG_ULI526X is not set CONFIG_UNION_FIND=y -CONFIG_UNIXWARE_DISKLABEL=y CONFIG_UPROBES=y CONFIG_UPROBE_EVENTS=y -CONFIG_USB_ANNOUNCE_NEW_DEVICES=y -CONFIG_USB_DEFAULT_PERSIST=y -CONFIG_USB_DWC2=y +# CONFIG_USB_CONN_GPIO is not set +CONFIG_USB_DEFAULT_AUTHORIZATION_MODE=1 +# CONFIG_USB_DWC2_DEBUG is not set CONFIG_USB_DWC2_HOST=y -CONFIG_USB_DYNAMIC_MINORS=y -CONFIG_USB_EHCI_HCD_PLATFORM=y +# CONFIG_USB_DWC2_PCI is not set +# CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set CONFIG_USB_EHCI_PCI=y -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_LED_TRIG=y +# CONFIG_USB_GPIO_VBUS is not set +# CONFIG_USB_HSO is not set +# CONFIG_USB_LJCA is not set +# CONFIG_USB_MAX3421_HCD is not set CONFIG_USB_OHCI_HCD_PCI=y -CONFIG_USB_OHCI_HCD_PLATFORM=y -CONFIG_USB_PCI=y +# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set CONFIG_USB_PCI_AMD=y -CONFIG_USB_ROLE_SWITCH=y +# CONFIG_USB_PULSE8_CEC is not set +# CONFIG_USB_RAINSHADOW_CEC is not set +# CONFIG_USB_ROLES_INTEL_XHCI is not set CONFIG_USB_UHCI_HCD=y -CONFIG_USB_XHCI_DBGCAP=y +# CONFIG_USB_XEN_HCD is not set CONFIG_USB_XHCI_PCI=y -CONFIG_USELIB=y -CONFIG_USERFAULTFD=y CONFIG_USER_DECRYPTED_DATA=y CONFIG_USER_EVENTS=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y CONFIG_USE_X86_SEG_SUPPORT=y -CONFIG_VALIDATE_FS_PARSER=y +CONFIG_UV_MMTIMER=y +# CONFIG_UV_SYSFS is not set CONFIG_VCAP=y CONFIG_VDSO_GETRANDOM=y -CONFIG_VGA_SWITCHEROO=y -CONFIG_VHOST_MENU=y +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_VSOCK is not set +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set CONFIG_VIDEO=y -CONFIG_VIRTIO_IOMMU=y -CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +# CONFIG_VIRTIO_DEBUG is not set +# CONFIG_VIRTIO_MEM is not set CONFIG_VIRTIO_PCI_ADMIN_LEGACY=y -CONFIG_VIRTIO_PCI_LEGACY=y CONFIG_VIRTIO_PCI_LIB_LEGACY=y -CONFIG_VIRTUALIZATION=y +# CONFIG_VIRTIO_PMEM is not set CONFIG_VIRT_CPU_ACCOUNTING=y -CONFIG_VIRT_CPU_ACCOUNTING_GEN=y -CONFIG_VMAP_STACK=y CONFIG_VMCORE_INFO=y CONFIG_VME_BUS=y +# CONFIG_VME_FAKE is not set +# CONFIG_VME_TSI148 is not set +# CONFIG_VME_USER is not set CONFIG_VMLINUX_MAP=y CONFIG_VT_CONSOLE_SLEEP=y -CONFIG_WAN=y +# CONFIG_VXFS_FS is not set CONFIG_WANT_DEV_COREDUMP=y -CONFIG_WATCHDOG_CORE=y -CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP=y +# CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_PANIC is not set CONFIG_WATCHDOG_PRETIMEOUT_GOV=y CONFIG_WATCHDOG_PRETIMEOUT_GOV_NOOP=y -CONFIG_WATCHDOG_SYSFS=y -CONFIG_WATCH_QUEUE=y -CONFIG_WLAN_VENDOR_ADMTEK=y -CONFIG_WLAN_VENDOR_ATMEL=y -CONFIG_WLAN_VENDOR_BROADCOM=y -CONFIG_WLAN_VENDOR_INTEL=y -CONFIG_WLAN_VENDOR_INTERSIL=y -CONFIG_WLAN_VENDOR_MARVELL=y -CONFIG_WLAN_VENDOR_MEDIATEK=y -CONFIG_WLAN_VENDOR_MICROCHIP=y -CONFIG_WLAN_VENDOR_PURELIFI=y -CONFIG_WLAN_VENDOR_QUANTENNA=y -CONFIG_WLAN_VENDOR_RALINK=y -CONFIG_WLAN_VENDOR_REALTEK=y -CONFIG_WLAN_VENDOR_RSI=y -CONFIG_WLAN_VENDOR_SILABS=y -CONFIG_WLAN_VENDOR_ST=y -CONFIG_WLAN_VENDOR_TI=y -CONFIG_WLAN_VENDOR_ZYDAS=y -CONFIG_WQ_CPU_INTENSIVE_REPORT=y -CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y -CONFIG_X86_5LEVEL=y +CONFIG_WATCHDOG_PRETIMEOUT_GOV_PANIC=y +CONFIG_WATCHDOG_PRETIMEOUT_GOV_SEL=y +# CONFIG_WFX is not set +# CONFIG_WILC1000_SDIO is not set +# CONFIG_WILC1000_SPI is not set +# CONFIG_WINBOND_840 is not set +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_WL1251 is not set +# CONFIG_WL12XX is not set +# CONFIG_WL18XX is not set +# CONFIG_WLCORE is not set +# CONFIG_WM831X_BACKUP is not set +# CONFIG_WM831X_POWER is not set +# CONFIG_WM831X_WATCHDOG is not set +# CONFIG_WM8350_POWER is not set +# CONFIG_WM8350_WATCHDOG is not set CONFIG_X86_64_ACPI_NUMA=y -CONFIG_X86_ACPI_CPUFREQ_CPB=y -CONFIG_X86_AMD_PSTATE=y +CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3 +# CONFIG_X86_ANDROID_TABLETS is not set CONFIG_X86_BUS_LOCK_DETECT=y CONFIG_X86_CET=y -CONFIG_X86_CPU_RESCTRL=y -CONFIG_X86_DEBUG_FPU=y +# CONFIG_X86_CPA_STATISTICS is not set +CONFIG_X86_CX8=y +CONFIG_X86_DISABLED_FEATURE_CENTAUR_MCR=y +CONFIG_X86_DISABLED_FEATURE_CYRIX_ARR=y +CONFIG_X86_DISABLED_FEATURE_IBT=y +CONFIG_X86_DISABLED_FEATURE_K6_MTRR=y +CONFIG_X86_DISABLED_FEATURE_LAM=y +CONFIG_X86_DISABLED_FEATURE_SEV_SNP=y +CONFIG_X86_DISABLED_FEATURE_VME=y CONFIG_X86_FRED=y CONFIG_X86_HAVE_PAE=y -CONFIG_X86_INTEL_LPSS=y -CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y -CONFIG_X86_IOPL_IOPERM=y -CONFIG_X86_MCELOG_LEGACY=y -CONFIG_X86_MPPARSE=y +# CONFIG_X86_MCE_INJECT is not set CONFIG_X86_NEED_RELOCS=y CONFIG_X86_NUMACHIP=y -CONFIG_X86_PCC_CPUFREQ=y -CONFIG_X86_PLATFORM_DRIVERS_DELL=y -CONFIG_X86_PLATFORM_DRIVERS_HP=y -CONFIG_X86_PMEM_LEGACY=y CONFIG_X86_PMEM_LEGACY_DEVICE=y -CONFIG_X86_POWERNOW_K8=y -CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -CONFIG_X86_SGX=y -CONFIG_X86_SPEEDSTEP_CENTRINO=y -CONFIG_X86_USER_SHADOW_STACK=y +# CONFIG_X86_POSTED_MSI is not set +CONFIG_X86_REQUIRED_FEATURE_ALWAYS=y +CONFIG_X86_REQUIRED_FEATURE_CMOV=y +CONFIG_X86_REQUIRED_FEATURE_CPUID=y +CONFIG_X86_REQUIRED_FEATURE_CX8=y +CONFIG_X86_REQUIRED_FEATURE_FPU=y +CONFIG_X86_REQUIRED_FEATURE_FXSR=y +CONFIG_X86_REQUIRED_FEATURE_LM=y +CONFIG_X86_REQUIRED_FEATURE_MSR=y +CONFIG_X86_REQUIRED_FEATURE_NOPL=y +CONFIG_X86_REQUIRED_FEATURE_PAE=y +CONFIG_X86_REQUIRED_FEATURE_XMM=y +CONFIG_X86_REQUIRED_FEATURE_XMM2=y CONFIG_X86_UV=y CONFIG_XARRAY_MULTI=y -CONFIG_XDP_SOCKETS=y -CONFIG_XEN=y +# CONFIG_XDP_SOCKETS_DIAG is not set +CONFIG_XENFS=y CONFIG_XEN_512GB=y CONFIG_XEN_ACPI=y CONFIG_XEN_ACPI_PROCESSOR=y @@ -1158,16 +2801,33 @@ CONFIG_XEN_AUTO_XLATE=y CONFIG_XEN_BACKEND=y CONFIG_XEN_BALLOON=y CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y +# CONFIG_XEN_BLKDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y +CONFIG_XEN_COMPAT_XENFS=y +# CONFIG_XEN_DEBUG_FS is not set +CONFIG_XEN_DEV_EVTCHN=y CONFIG_XEN_DOM0=y CONFIG_XEN_EFI=y +CONFIG_XEN_FBDEV_FRONTEND=y +CONFIG_XEN_GNTDEV=y +# CONFIG_XEN_GNTDEV_DMABUF is not set +CONFIG_XEN_GRANT_DEV_ALLOC=y CONFIG_XEN_GRANT_DMA_ALLOC=y CONFIG_XEN_GRANT_DMA_OPS=y CONFIG_XEN_HAVE_PVMMU=y CONFIG_XEN_HAVE_VPMU=y CONFIG_XEN_MCE_LOG=y +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 +# CONFIG_XEN_NETDEV_BACKEND is not set CONFIG_XEN_NETDEV_FRONTEND=y +CONFIG_XEN_PCIDEV_BACKEND=y +CONFIG_XEN_PCIDEV_FRONTEND=y +CONFIG_XEN_PCI_STUB=y +CONFIG_XEN_PRIVCMD=y +# CONFIG_XEN_PRIVCMD_EVENTFD is not set CONFIG_XEN_PV=y +# CONFIG_XEN_PVCALLS_BACKEND is not set +# CONFIG_XEN_PVCALLS_FRONTEND is not set CONFIG_XEN_PVH=y CONFIG_XEN_PVHVM=y CONFIG_XEN_PVHVM_GUEST=y @@ -1177,12 +2837,18 @@ CONFIG_XEN_PV_MSR_SAFE=y CONFIG_XEN_PV_SMP=y CONFIG_XEN_SAVE_RESTORE=y CONFIG_XEN_SCRUB_PAGES_DEFAULT=y +# CONFIG_XEN_SCSI_FRONTEND is not set +CONFIG_XEN_SYMS=y CONFIG_XEN_SYS_HYPERVISOR=y CONFIG_XEN_UNPOPULATED_ALLOC=y CONFIG_XEN_VIRTIO=y +# CONFIG_XEN_VIRTIO_FORCE_GRANT is not set +# CONFIG_XEN_WDT is not set CONFIG_XEN_XENBUS_FRONTEND=y -CONFIG_XXHASH=y -CONFIG_XZ_DEC=y +# CONFIG_XILINX_DMA is not set +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_XILINX_XDMA is not set CONFIG_XZ_DEC_ARM=y CONFIG_XZ_DEC_ARM64=y CONFIG_XZ_DEC_ARMTHUMB=y @@ -1191,26 +2857,28 @@ CONFIG_XZ_DEC_MICROLZMA=y CONFIG_XZ_DEC_POWERPC=y CONFIG_XZ_DEC_RISCV=y CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_TEST is not set CONFIG_XZ_DEC_X86=y -CONFIG_ZBUD=y -CONFIG_ZERO_CALL_USED_REGS=y +# CONFIG_YELLOWFIN is not set +# CONFIG_YT2_1380 is not set +# CONFIG_ZD1211RW is not set CONFIG_ZLIB_DEFLATE=y +# CONFIG_ZONEFS_FS is not set CONFIG_ZONE_DEVICE=y CONFIG_ZPOOL=y +# CONFIG_ZRAM is not set CONFIG_ZSMALLOC=y -CONFIG_ZSTD_COMMON=y +CONFIG_ZSMALLOC_CHAIN_SIZE=8 +# CONFIG_ZSMALLOC_STAT is not set CONFIG_ZSTD_COMPRESS=y -CONFIG_ZSTD_DECOMPRESS=y -CONFIG_ZSWAP=y +CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_842 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_DEFLATE is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4HC is not set CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set +# CONFIG_ZSWAP_DEFAULT_ON is not set CONFIG_ZSWAP_SHRINKER_DEFAULT_ON=y -CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y - -# Summary: -# Ubuntu config has 2134 enabled parameters -# Yocto config has 1160 enabled parameters -# Need to add 1207 parameters to Yocto config -# -# Breakdown: -# - 551 parameters exist in Yocto but are disabled -# - 656 parameters are completely new to Yocto (likely introduced in 6.9-6.13) +CONFIG_ZSWAP_ZPOOL_DEFAULT="zsmalloc" +CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y From 7ad92884ecb1fbb7ae1e9726f66e9dacafb360c5 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:54:14 +0100 Subject: [PATCH 11/33] feat: allow modular kernel config snippets --- kernel/mkosi.build | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/kernel/mkosi.build b/kernel/mkosi.build index 808485b..c6e69f2 100755 --- a/kernel/mkosi.build +++ b/kernel/mkosi.build @@ -15,9 +15,20 @@ if [[ -n "${KERNEL_CONFIG_SNIPPETS:-}" ]]; then IFS=',' read -ra snippets <<< "$KERNEL_CONFIG_SNIPPETS" for snippet in "${snippets[@]}"; do snippet_file="$SRCDIR/$snippet" - [[ -f "$snippet_file" ]] && cat "$snippet_file" >> "$config_file" + if [[ -f "$snippet_file" ]]; then + cat "$snippet_file" >> "$config_file" || true + fi done fi +for snippets_var in "${!KERNEL_CONFIG_SNIPPETS_@}"; do + IFS=',' read -ra snippets <<< "${!snippets_var}" + for snippet in "${snippets[@]}"; do + snippet_file="$SRCDIR/$snippet" + if [[ -f "$snippet_file" ]]; then + cat "$snippet_file" >> "$config_file" || true + fi + done +done # Calculate cache key and paths config_hash=$(sha256sum "$config_file" | cut -d' ' -f1 | cut -c1-12) @@ -43,6 +54,9 @@ else mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make olddefconfig mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make -j "$(nproc 2>/dev/null || echo 2)" bzImage ARCH=x86_64 CONFIG_EFI_STUB=y + echo "# kernel config:" + mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" cat .config + # Cache result mkdir -p "$cache_dir" cp arch/x86_64/boot/bzImage "$cache_dir/" From 9c28591802d6a60de0dacebda2ee0b7f1fcd6faf Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:55:07 +0100 Subject: [PATCH 12/33] feat: add reproducibility check --- .gitignore | 1 + Makefile | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/.gitignore b/.gitignore index 34c4139..6cbb6ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # mkosi artifacts build/ +build.*/ env.json mkosi.builddir/ mkosi.cache/ diff --git a/Makefile b/Makefile index 2176715..f177a7b 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,38 @@ build-dev: check-perms setup ## Build module with development tools ##@ Utilities +check-repro: ## Build same module twice and compare resulting images + @rm -rf build.1 + @rm -rf build.2 + + @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* + @sleep 5 + + @echo "Building image #1..." + $(WRAPPER) mkosi --force -I $(IMAGE).conf + @cp -r build build.1 + + @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* + @sleep 5 + + @echo "Building image #2..." + $(WRAPPER) mkosi --force -I $(IMAGE).conf + @cp -r build build.2 + + @echo "Comparing..." + + @echo "" + @sha256sum build.1/tdx-debian.vmlinuz + @sha256sum build.2/tdx-debian.vmlinuz + + @echo "" + @sha256sum build.1/tdx-debian.initrd + @sha256sum build.2/tdx-debian.initrd + + @echo "" + @sha256sum build.1/tdx-debian.efi + @sha256sum build.2/tdx-debian.efi + measure: ## Export TDX measurements for the built EFI file @if [ ! -f build/tdx-debian.efi ]; then \ echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ From e85b24dc5beda08bfd0fa1a44ef2f13c494a4999 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:55:39 +0100 Subject: [PATCH 13/33] feat: implement base l2 image --- l2/kernel.config | 2 -- l2/mkosi.conf | 2 +- mkosi.profiles/gcp/kernel.config | 2 ++ mkosi.profiles/gcp/mkosi.conf | 3 +++ 4 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 mkosi.profiles/gcp/kernel.config diff --git a/l2/kernel.config b/l2/kernel.config index 556a833..32f7f6d 100644 --- a/l2/kernel.config +++ b/l2/kernel.config @@ -1,3 +1 @@ -CONFIG_NET_VENDOR_GOOGLE=y -CONFIG_GVE=y CONFIG_XFS_FS=y diff --git a/l2/mkosi.conf b/l2/mkosi.conf index 1b42627..0a9ca2b 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -5,7 +5,7 @@ Include=base/mkosi.conf Profiles=gcp [Build] -Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config,l2/kernel.config +Environment=KERNEL_CONFIG_SNIPPETS_L2=kernel/snippets/ubuntu.config,l2/kernel.config WithNetwork=true [Content] diff --git a/mkosi.profiles/gcp/kernel.config b/mkosi.profiles/gcp/kernel.config new file mode 100644 index 0000000..f87a006 --- /dev/null +++ b/mkosi.profiles/gcp/kernel.config @@ -0,0 +1,2 @@ +CONFIG_NET_VENDOR_GOOGLE=y +CONFIG_GVE=y diff --git a/mkosi.profiles/gcp/mkosi.conf b/mkosi.profiles/gcp/mkosi.conf index 344c421..ce03a5a 100644 --- a/mkosi.profiles/gcp/mkosi.conf +++ b/mkosi.profiles/gcp/mkosi.conf @@ -1,3 +1,6 @@ +[Build] +Environment=KERNEL_CONFIG_SNIPPETS_GCP=mkosi.profiles/gcp/kernel.config + [Content] ExtraTrees=mkosi.extra From 77f5ff33089c17d6b5932e2a50f781ec837692e2 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Wed, 12 Nov 2025 09:59:34 +0100 Subject: [PATCH 14/33] fix: build profile-less base --- Makefile | 8 ++++++-- base/debloat.sh | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f177a7b..e91df80 100644 --- a/Makefile +++ b/Makefile @@ -55,14 +55,18 @@ check-repro: ## Build same module twice and compare resulting images @rm -rf build.2 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* - @sleep 5 +# hack: there's some race condition under lima that causes apt to fail while trying to +# create a temp dir under apt cache + @sleep 15 @echo "Building image #1..." $(WRAPPER) mkosi --force -I $(IMAGE).conf @cp -r build build.1 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* - @sleep 5 +# hack: there's some race condition under lima that causes apt to fail while trying to +# create a temp dir under apt cache + @sleep 15 @echo "Building image #2..." $(WRAPPER) mkosi --force -I $(IMAGE).conf diff --git a/base/debloat.sh b/base/debloat.sh index 89a3b10..1906010 100755 --- a/base/debloat.sh +++ b/base/debloat.sh @@ -39,7 +39,7 @@ debloat_paths=( "/nix" ) -if [[ ! "$PROFILES" == *"devtools"* ]]; then +if [[ ! "${PROFILES:-}" == *"devtools"* ]]; then debloat_paths+=( "/usr/share/bash-completion" ) From 427002a9289fdabde09b16c04a536d31e2eddd2d Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 13 Nov 2025 17:35:28 +0100 Subject: [PATCH 15/33] feat: implement op-rbuilder image --- Makefile | 33 +++-- README.md | 7 +- l2-builder.conf | 6 + l2/_op_rbuilder/mkosi.build | 73 +++++++++++ l2/_op_rbuilder/mkosi.conf | 17 +++ .../etc/default/prometheus-node-exporter | 7 ++ .../etc/flashbots/op-rbuilder.yaml | 14 +++ .../prometheus-process-exporter/config.yaml | 13 ++ .../etc/sysconfig/automount-data.env | 1 + .../systemd/system/node-healthchecker.service | 25 ++++ .../systemd/system/tdx-quote-provider.service | 26 ++++ .../vault-agent/gomplate/discovery-secret.hcl | 29 +++++ .../etc/vault-agent/gomplate/genesis.json.hcl | 31 +++++ .../etc/vault-agent/gomplate/jwtsecret.hcl | 16 +++ .../vault-agent/gomplate/op-rbuilder.env.hcl | 48 ++++++++ .../gomplate/op-rbuilder.service.ctmpl | 116 ++++++++++++++++++ .../gomplate/op-rbuilder.service.hcl | 33 +++++ .../vault-agent/gomplate/rproxy-tls.crt.hcl | 28 +++++ .../vault-agent/gomplate/rproxy-tls.key.hcl | 28 +++++ .../vault-agent/gomplate/rproxy.service.ctmpl | 75 +++++++++++ .../vault-agent/gomplate/rproxy.service.hcl | 23 ++++ .../mkosi.extra/usr/bin/init-op-rbuilder.sh | 34 +++++ l2/_op_rbuilder/mkosi.postinst | 7 ++ l2/mkosi.build | 26 ++-- l2/mkosi.extra/etc/flashbots/l2.yaml | 12 +- .../etc/vault-agent/gomplate/config.hcl | 2 +- l2/mkosi.extra/usr/bin/automount-data.sh | 7 +- l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh | 2 +- l2/op-rbuilder.conf | 3 + scripts/build_rust_package.sh | 3 +- scripts/make_git_package.sh | 25 ++-- 31 files changed, 713 insertions(+), 57 deletions(-) create mode 100644 l2-builder.conf create mode 100755 l2/_op_rbuilder/mkosi.build create mode 100644 l2/_op_rbuilder/mkosi.conf create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl create mode 100755 l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh create mode 100755 l2/_op_rbuilder/mkosi.postinst mode change 100644 => 100755 l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh create mode 100644 l2/op-rbuilder.conf diff --git a/Makefile b/Makefile index e91df80..34996bc 100644 --- a/Makefile +++ b/Makefile @@ -42,11 +42,11 @@ preflight: # Build module build: check-perms setup ## Build the specified module - $(WRAPPER) mkosi --force -I $(IMAGE).conf + time $(WRAPPER) mkosi --force -I $(IMAGE).conf # Build module with devtools profile build-dev: check-perms setup ## Build module with development tools - $(WRAPPER) mkosi --force --profile=devtools -I $(IMAGE).conf + time $(WRAPPER) mkosi --force --profile=devtools -I $(IMAGE).conf ##@ Utilities @@ -60,8 +60,10 @@ check-repro: ## Build same module twice and compare resulting images @sleep 15 @echo "Building image #1..." - $(WRAPPER) mkosi --force -I $(IMAGE).conf - @cp -r build build.1 + time $(WRAPPER) mkosi --force -I $(IMAGE).conf + @mkdir -p build/cache + @mv mkosi.builddir/* build/cache/ + @mv build build.1 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* # hack: there's some race condition under lima that causes apt to fail while trying to @@ -69,22 +71,17 @@ check-repro: ## Build same module twice and compare resulting images @sleep 15 @echo "Building image #2..." - $(WRAPPER) mkosi --force -I $(IMAGE).conf - @cp -r build build.2 + time $(WRAPPER) mkosi --force -I $(IMAGE).conf + @mkdir -p build/cache + @mv mkosi.builddir/* build/cache/ + @mv build build.2 @echo "Comparing..." - - @echo "" - @sha256sum build.1/tdx-debian.vmlinuz - @sha256sum build.2/tdx-debian.vmlinuz - - @echo "" - @sha256sum build.1/tdx-debian.initrd - @sha256sum build.2/tdx-debian.initrd - - @echo "" - @sha256sum build.1/tdx-debian.efi - @sha256sum build.2/tdx-debian.efi + @for file in $$( find build.1 -type f ); do \ + sha256sum $$file; \ + sha256sum $${file/build1/build.2}; \ + echo ""; \ + done measure: ## Export TDX measurements for the built EFI file @if [ ! -f build/tdx-debian.efi ]; then \ diff --git a/README.md b/README.md index 53cc573..1662692 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,10 @@ For more information about this repository, see ### Prerequisites -In order to build images, you'll need to install [Lima](https://lima-vm.io/) for your operating system. Building images without Lima is possible, but due to inconsistencies between distributions, it is not supported for generating official reproducible images. +In order to build images, you'll need to install [Lima](https://lima-vm.io/) for +your operating system. Building images without Lima is possible, but due to +inconsistencies between distributions, it is not supported for generating +official reproducible images. ### Building Images @@ -94,7 +97,7 @@ This generates measurement files in the `build/` directory for attestation and v ``` > [!NOTE] -> +> > Depending on your Linux distro, these commands may require changing the > supplied OVMF paths or installing your distro's OVMF package. diff --git a/l2-builder.conf b/l2-builder.conf new file mode 100644 index 0000000..c6d33f3 --- /dev/null +++ b/l2-builder.conf @@ -0,0 +1,6 @@ +[Include] +Include=base/mkosi.conf +Include=l2/l2-builder.conf + +[Config] +Profiles=gcp diff --git a/l2/_op_rbuilder/mkosi.build b/l2/_op_rbuilder/mkosi.build new file mode 100755 index 0000000..8c5d7a1 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.build @@ -0,0 +1,73 @@ +#!/bin/bash + +set -euxo pipefail + +ENV_YAML="$SRCDIR/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml" + +RUST_VERSION=$(mkosi-chroot yq -r .rust.version < "$ENV_YAML") + +OP_RBUILDER_REF=$(mkosi-chroot yq -r .op_rbuilder.git_reference < "$ENV_YAML") +TDX_QUOTE_PROVIDER_REF=$(mkosi-chroot yq -r .tdx_quote_provider.git_reference < "$ENV_YAML") +RPROXY_REF=$(mkosi-chroot yq -r .rproxy.git_reference < "$ENV_YAML") +NODE_HEALTHCHECKER_REF=$(mkosi-chroot yq -r .node_healthchecker.git_reference < "$ENV_YAML") + +export RUSTUP_HOME="/rustup" +export CARGO_HOME="/cargo" +mkosi-chroot rustup toolchain install $RUST_VERSION +mkosi-chroot rustup default $RUST_VERSION +export PATH="$CARGO_HOME/bin:$PATH" + +source scripts/make_git_package.sh +source scripts/build_rust_package.sh + +# build op-rbuilder + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/op-rbuilder" ]; then + echo "Using pre-built op-rbuilder binary" +else + build_rust_package \ + "op-rbuilder" \ + "${OP_RBUILDER_REF}" \ + "https://github.com/flashbots/op-rbuilder.git" \ + "" "" "-g" +fi + +# build tdx-quote-provider + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/tdx-quote-provider" ]; then + echo "Using pre-built tdx-quote-provider binary" +else + build_rust_package \ + "tdx-quote-provider" \ + "${TDX_QUOTE_PROVIDER_REF}" \ + "https://github.com/flashbots/op-rbuilder.git" \ + "" "" "-g" +fi + +# build rproxy + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/rproxy" ]; then + echo "Using pre-built rproxy binary" +else + make_git_package \ + "rproxy" \ + "${RPROXY_REF}" \ + "https://github.com/flashbots/rproxy.git" \ + 'TARGET=x86_64-unknown-linux-gnu ./build.sh' \ + "target/x86_64-unknown-linux-gnu/release/rproxy:/usr/bin/rproxy" + chmod +x $DESTDIR/usr/bin/rproxy +fi + +# build node-healthchecker + +if [ -f "l2/mkosi.extra/usr/bin/node-healthchecker" ]; then + echo "Using pre-built node-healthchecker binary" +else + make_git_package \ + "node-healthchecker" \ + "${NODE_HEALTHCHECKER_REF}" \ + "https://github.com/flashbots/node-healthchecker.git" \ + 'go build -trimpath -ldflags "-s -w -X main.version=${NODE_HEALTHCHECKER_REF} -buildid=" -o ./bin/node-healthchecker github.com/flashbots/node-healthchecker/cmd' \ + "bin/node-healthchecker:/usr/bin/node-healthchecker" + chmod +x $DESTDIR/usr/bin/node-healthchecker +fi diff --git a/l2/_op_rbuilder/mkosi.conf b/l2/_op_rbuilder/mkosi.conf new file mode 100644 index 0000000..0e3d966 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.conf @@ -0,0 +1,17 @@ +[Build] +WithNetwork=true + +[Content] +BuildScripts=l2/_op_rbuilder/mkosi.build +ExtraTrees=l2/_op_rbuilder/mkosi.extra +PostInstallationScripts=l2/_op_rbuilder/mkosi.postinst + +Packages=libtss2-dev + sudo + unzip + +BuildPackages=golang + libssl-dev + rustup + unzip + yq diff --git a/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter b/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter new file mode 100644 index 0000000..5f6e858 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter @@ -0,0 +1,7 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +--collector.systemd \ +--collector.systemd.unit-include=\".*(node-healthchecker|op-rbuilder|prometheus-node-exporter|prometheus-process-exporter|rproxy|vault-agent).*\" \ +--log.format=json \ +--web.listen-address=0.0.0.0:9100 \ +" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml new file mode 100644 index 0000000..9d0a3f5 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -0,0 +1,14 @@ +rust: + version: 1.91.1 + +node_healthchecker: + git_reference: v0.1.11 + +op_rbuilder: + git_reference: op-rbuilder/v0.2.9 + +rproxy: + git_reference: v0.0.6 + +tdx_quote_provider: + git_reference: tdx-quote-provider/v0.1.0 diff --git a/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml b/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml new file mode 100644 index 0000000..4e58d4d --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml @@ -0,0 +1,13 @@ +process_names: + - name: node-healthchecker + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*node-healthchecker[-.0-9a-zA-Z]* ' + - name: op-rbuilder + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*op-rbuilder[-.0-9a-zA-Z]* ' + - name: rproxy + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*rproxy[-.0-9a-zA-Z]* ' + - name: vault-agent + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*vault[-.0-9a-zA-Z]* ' diff --git a/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env b/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env new file mode 100644 index 0000000..2963c60 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env @@ -0,0 +1 @@ +AUTOMOUNT_PATH_DATA=/var/opt/optimism diff --git a/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service new file mode 100644 index 0000000..35ef612 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service @@ -0,0 +1,25 @@ +[Unit] +Description=Blockchain node healthchecker +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=node-healthchecker +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStart=/usr/bin/node-healthchecker serve \ + --healthcheck-block-age-threshold 10s \ + --healthcheck-timeout 500ms \ + --healthcheck-reth-base-url http://127.0.0.1:18645 \ + --healthcheck-unconditional-fail-duration 1m \ + --http-status-warning 200 \ + --server-listen-address 0.0.0.0:8080 + +[Install] +WantedBy=default.target diff --git a/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service new file mode 100644 index 0000000..e9aa03f --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service @@ -0,0 +1,26 @@ +[Install] +WantedBy=default.target + +[Unit] +Description=TDX quote provider +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=tdx-quote-provider +User=root +Group=root + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStart=/usr/bin/tdx-quote-provider \ + --service-host 127.0.0.1 \ + --service-port 5757 \ + --metrics \ + --metrics-host 0.0.0.0 \ + --metrics-port 9009 \ + --log-level trace \ + --log-format json diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl new file mode 100644 index 0000000..396f56c --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl @@ -0,0 +1,29 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/rbuilder/discovery-secret" + + user = "op-rbuilder" + group = "optimism" + perms = "0600" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # discovery-secret + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- $node := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" ).Data.data -)) + + ((- $node.el_nodekey -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl new file mode 100644 index 0000000..f7920fc --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl @@ -0,0 +1,31 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/rbuilder/genesis.json.tar.gz.base64" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # genesis.json + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data -)) + + ((- if $service.genesis_json -)) + ((- $service.genesis_json -)) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl new file mode 100644 index 0000000..52f9060 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl @@ -0,0 +1,16 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/jwtsecret" + + user = "root" + group = "optimism" + perms = "0440" + + contents = <<-EOT + ((- with secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" -)) + (( .Data.data.jwt_secret )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl new file mode 100644 index 0000000..5118676 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl @@ -0,0 +1,48 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/sysconfig/op-rbuilder.env" + + user = "root" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # op-rbuilder.env + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- printf "# %s\n\n" "op-rbuilder" -)) + + ((- $node := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" ).Data.data -)) + ((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data -)) + + ((- if $node.builder_secret_key -)) + BUILDER_SECRET_KEY=(( $node.builder_secret_key ))(( "\n" )) + ((- end -)) + + ((- if $node.coinbase_secret_key -)) + COINBASE_SECRET_KEY=(( $node.coinbase_secret_key ))(( "\n" )) + ((- end -)) + + ((- if $service.otel_exporter_otlp_endpoint -)) + OTEL_EXPORTER_OTLP_ENDPOINT=(( $service.otel_exporter_otlp_endpoint ))(( "\n" )) + ((- end -)) + + ((- if $node.otel_exporter_otlp_headers -)) + OTEL_EXPORTER_OTLP_HEADERS=(( $node.otel_exporter_otlp_headers ))(( "\n" )) + ((- end -)) + + ((- if $service.otel_service_name -)) + OTEL_SERVICE_NAME=(( $service.otel_service_name ))(( "\n" )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl new file mode 100644 index 0000000..63fe934 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl @@ -0,0 +1,116 @@ +# op-rbuilder + +[Install] +WantedBy=default.target + +[Unit] +Description=op-rbuilder +After=network-online.target +Before=rproxy.service node-healthchecker.service +Requires=automount-data.service vault-agent.service +Wants=network-online.target + +[Service] +Type=simple +SyslogIdentifier=op-rbuilder +User=op-rbuilder +Group=optimism + +EnvironmentFile=-/etc/sysconfig/op-rbuilder.env +KillMode=control-group +KillSignal=SIGINT +OOMScoreAdjust=-500 +Restart=always +RestartSec=10s +TimeoutStopSec=120 + +Environment=HOME=/home/op-rbuilder +Environment=RUST_BACKTRACE=full + +ExecStartPre=+/usr/bin/init-op-rbuilder.sh + +((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data )) + +ExecStart=/usr/bin/op-rbuilder node \ + --authrpc.addr '0.0.0.0' \ + --authrpc.jwtsecret '/var/opt/optimism/jwtsecret' \ + --authrpc.port '18651' \ + ((- if $service.el_bootnodes ))(( range $idx, $enode := $service.el_bootnodes )) + --bootnodes '(( printf "%s" $enode ))' \ + ((- end ))(( end )) + ((- if $service.feat_revert_protection ))(( if $service.feat_revert_protection | parseBool )) + --builder.enable-revert-protection \ + ((- end ))(( end )) + --builder.extra-block-deadline-secs '30' \ + --builder.extradata 'Illuminate Dmocratize Dstribute' \ + --builder.log-pool-transactions \ + ((- if $service.genesis_json )) + --chain '/var/opt/optimism/rbuilder/genesis.json' \ + ((- else ))(( if $service.network_name )) + --chain '(( $service.network_name ))' \ + ((- end ))(( end )) + --color 'never' \ + --datadir '/var/opt/optimism/rbuilder' \ + --discovery.port '9200' \ + --enable-discv5-discovery \ + ((- if $service.feat_flashblocks ))(( if $service.feat_flashblocks | parseBool )) + --flashblocks.addr '0.0.0.0' \ + --flashblocks.enabled \ + --flashblocks.port '11111' \ + ((- if $service.feat_flashblocks_number_contract_address )) + --flashblocks.number-contract-address '(( $service.feat_flashblocks_number_contract_address ))' \ + ((- end )) + ((- end ))(( end )) + ((- if $service.feat_flashtestations ))(( if $service.feat_flashtestations | parseBool )) + ((- if $service.feat_flashtestations_builder_policy_address )) + --flashtestations.builder-policy-address '(( $service.feat_flashtestations_builder_policy_address ))' \ + ((- end )) + ((- if $service.feat_flashtestations_block_proofs ))(( if $service.feat_flashtestations_block_proofs | parseBool )) + --flashtestations.enable-block-proofs \ + ((- end ))(( end )) + --flashtestations.enabled \ + --flashtestations.quote-provider http://127.0.0.1:5757/attest \ + ((- if $service.feat_flashtestations_registry_address )) + --flashtestations.registry-address '(( $service.feat_flashtestations_registry_address ))' \ + ((- end )) + ((- if $service.feat_flashtestations_rpc_url )) + --flashtestations.rpc-url '(( $service.feat_flashtestations_rpc_url ))' \ + ((- end )) + ((- end ))(( end )) + --http \ + --http.addr '0.0.0.0' \ + --http.api 'admin,debug,eth,net,trace,txpool' \ + --http.corsdomain '*' \ + --http.port '18645' \ + --log.file.filter 'off' \ + --log.stdout.format 'json' \ + --metrics '0.0.0.0:9001' \ + --port '40404' \ + --rollup.disable-tx-pool-gossip \ + --rpc-max-connections '5000' \ + --rpc-max-logs-per-response '200000' \ + --rpc-max-request-size '150' \ + --rpc-max-response-size '1150' \ + --rpc-max-subscriptions-per-connection '10240' \ + --rpc-max-tracing-requests '250' \ + ((- if $service.feat_telemetry_sampling_ratio ))(( if $service.feat_telemetry_sampling_ratio )) + --telemetry.sampling-ratio '(( $service.feat_telemetry_sampling_ratio ))' \ + ((- end ))(( end )) + ((- if $service.el_static_peers ))(( range $idx, $enode := $service.el_static_peers )) + --trusted-peers '(( printf "%s" $enode ))' \ + ((- end ))(( end )) + --txpool.max-new-pending-txs-notifications '100000' \ + --txpool.max-new-txns '100000' \ + --txpool.max-pending-txns '100000' \ + --ws \ + --ws.addr '0.0.0.0' \ + --ws.api 'admin,debug,eth,net,trace,txpool' \ + --ws.origins '*' \ + --ws.port '8646' \ + ((- if $service.custom_flags ))(( range $idx, $flag := $service.custom_flags )) + (( printf "%s" $flag )) \ + ((- end ))(( end )) + +ExecStop=+/usr/bin/sh -c "kill -1 $( pgrep node-health ) | true" +ExecStop=+/usr/bin/sleep 15 +ExecStop=+/usr/bin/sh -c "PID=$( pgrep op-rbuilder ); if [ \"0${PID}\" -gt 0 ]; then kill -2 ${PID}; while kill -0 ${PID} 2>/dev/null; do sleep 1; done; fi" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl new file mode 100644 index 0000000..68fe661 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl @@ -0,0 +1,33 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/op-rbuilder.service.ctmpl" + destination = "/etc/systemd/system/op-rbuilder.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # op-rbuilder + + systemctl daemon-reload + systemctl enable op-rbuilder + + # patterns longer than 15 chars result in 0 matches + PID=$( pgrep node-health ); if [ \"0${PID}\" -gt 0 ]; then kill -SIGHUP ${PID} | true; fi + sleep 5 + + PID=$( pgrep rproxy ); if [ \"0${PID}\" -gt 0 ]; then kill -SIGHUP ${PID} | true; fi + + systemctl restart op-rbuilder + systemctl restart node-healthchecker + EOT + ] + } +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl new file mode 100644 index 0000000..5781018 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl @@ -0,0 +1,28 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/rproxy/tls.crt" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl restart rproxy + EOT + ] + } + + contents = <<-EOT + ((- $tls_crt := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_crt -)) + + ((- if $tls_crt -)) + (( $tls_crt )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl new file mode 100644 index 0000000..581f9a7 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl @@ -0,0 +1,28 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/rproxy/tls.key" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl restart rproxy + EOT + ] + } + + contents = <<-EOT + ((- $tls_key := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_key -)) + + ((- if $tls_key -)) + (( $tls_key )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl new file mode 100644 index 0000000..430fbfb --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl @@ -0,0 +1,75 @@ +[Install] +WantedBy=default.target + +[Unit] +Description=L2 builder proxy +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=rproxy +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStartPre=+/usr/bin/mkdir -p /etc/rproxy +ExecStartPre=+/usr/bin/chown -R op-rbuilder:optimism /etc/rproxy + +((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data )) +((- $tls_crt := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_crt )) +((- $tls_key := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_key )) + +ExecStart=/usr/bin/rproxy \ + --authrpc-backend 'http://127.0.0.1:18651' \ + --authrpc-enabled \ + --authrpc-listen-address '0.0.0.0:8651' \ + --authrpc-log-proxied-requests \ + --authrpc-log-proxied-responses \ + --authrpc-log-sanitise \ + --authrpc-max-request-size-mb '150' \ + --authrpc-max-response-size-mb '1150' \ + ((- if $service.authrpc_peers )) + ((- range $i, $e := $service.authrpc_peers )) + --authrpc-mirroring-peer '(( printf "%s" $e ))' \ + ((- end )) + --authrpc-remove-backend-from-mirroring-peers \ + ((- end )) + --flashblocks-backend 'ws://127.0.0.1:11111' \ + --flashblocks-enabled \ + --flashblocks-listen-address '0.0.0.0:1111' \ + --flashblocks-log-backend-messages \ + --flashblocks-log-client-messages \ + --flashblocks-log-sanitise \ + --metrics-listen-address '0.0.0.0:6786' \ + --rpc-backend 'http://127.0.0.1:18645' \ + --rpc-enabled \ + --rpc-listen-address '0.0.0.0:8645' \ + --rpc-log-proxied-requests \ + --rpc-log-proxied-responses \ + --rpc-log-sanitise \ + --rpc-max-request-size-mb '150' \ + --rpc-max-response-size-mb '1150' \ + ((- if $service.rpc_peers )) + --rpc-mirror-errored-requests \ + ((- range $idx, $enode := $service.rpc_peers )) + --rpc-mirroring-peer '(( printf "%s" $enode ))' \ + ((- end )) + --rpc-remove-backend-from-mirroring-peers \ + ((- end )) + ((- if $tls_crt )) + --tls-certificate '/etc/rproxy/tls.crt' \ + ((- end )) + ((- if $tls_key )) + --tls-key '/etc/rproxy/tls.key' \ + ((- end )) + ((- if $service.rproxy_custom_flags ))(( range $idx, $flag := $service.rproxy_custom_flags )) + (( printf "%s" $flag )) \ + ((- end ))(( end )) + +ExecStop=+/usr/bin/sh -c "kill -1 $( pgrep node-health ) | true" +ExecStop=+/usr/bin/sleep 15 +ExecStop=+/usr/bin/sh -c "PID=$( pgrep rproxy ); if [ \"0${PID}\" -gt 0 ]; then kill -2 ${PID}; while kill -0 ${PID} 2>/dev/null; do sleep 1; done; fi" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl new file mode 100644 index 0000000..29ce705 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl @@ -0,0 +1,23 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/rproxy.service.ctmpl" + destination = "/etc/systemd/system/rproxy.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl daemon-reload + systemctl enable rproxy + systemctl restart rproxy + EOT + ] + } +} diff --git a/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh b/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh new file mode 100755 index 0000000..b7fcc01 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +set -eu + +mkdir -p /home/op-rbuilder +chown -R op-rbuilder:optimism /home/op-rbuilder +chmod 0750 /home/op-rbuilder + +if [ ! -d /var/opt/optimism/rbuilder ]; then + mkdir -p /var/opt/optimism/rbuilder + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder +fi + +if [ -f /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 ]; then + if [ -s /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 ]; then + if [ ! -f /var/opt/optimism/rbuilder/genesis.json ]; then + cat /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 | base64 -d | tar -xz -C /var/opt/optimism/rbuilder + chown op-rbuilder:optimism /var/opt/optimism/rbuilder/genesis.json + chmod 0640 /var/opt/optimism/rbuilder/genesis.json + fi + fi +fi + +if [ -f /var/opt/optimism/rbuilder/genesis.json ]; then + if [ ! -f /var/opt/optimism/rbuilder/db/database.version ]; then + sudo -u op-rbuilder /usr/bin/op-rbuilder init \ + --chain /var/opt/optimism/rbuilder/genesis.json \ + --color never \ + --datadir /var/opt/optimism/rbuilder \ + --log.stdout.format json + chown -R op-rbuilder:optimism /var/opt/optimism/rbuilder + fi +fi diff --git a/l2/_op_rbuilder/mkosi.postinst b/l2/_op_rbuilder/mkosi.postinst new file mode 100755 index 0000000..3e170b4 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.postinst @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euxo pipefail + +# Create users and groups +mkosi-chroot groupadd -g 2000 optimism || true +mkosi-chroot useradd -u 2002 -g optimism -m -s /bin/bash op-rbuilder || true diff --git a/l2/mkosi.build b/l2/mkosi.build index ba4022f..2cd037b 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -4,33 +4,35 @@ set -euxo pipefail ENV_YAML="$SRCDIR/l2/mkosi.extra/etc/flashbots/l2.yaml" -VAULT_VERSION=$(mkosi-chroot yq -r .vault.version < "$ENV_YAML") -GOMPLATE_VERSION=$(mkosi-chroot yq -r .deps.gomplate_version < "$ENV_YAML") -OPS_AGENT_VERSION=$(mkosi-chroot yq -r .deps.ops_agent_version < "$ENV_YAML") +VAULT_REF=$(mkosi-chroot yq -r .vault.git_reference < "$ENV_YAML") +GOMPLATE_REF=$(mkosi-chroot yq -r .gomplate.git_reference < "$ENV_YAML") +GCP_OPS_AGENT_REF=$(mkosi-chroot yq -r .gcp_ops_agent.git_reference < "$ENV_YAML") source scripts/make_git_package.sh # build gomplate + make_git_package \ "gomplate" \ - "v${GOMPLATE_VERSION}" \ + "${GOMPLATE_REF}" \ "https://github.com/hairyhenderson/gomplate" \ - 'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/gomplate ./cmd/gomplate' \ + 'go build -trimpath -ldflags "-s -w -X github.com/hairyhenderson/gomplate/v4/version=${GOMPLATE_REF} -buildid=" -o ./build/gomplate ./cmd/gomplate' \ "build/gomplate:/usr/bin/gomplate" chmod +x $DESTDIR/usr/bin/gomplate # build vault + make_git_package \ "vault" \ - "v${VAULT_VERSION}" \ + "${VAULT_REF}" \ "https://github.com/hashicorp/vault.git" \ - 'go build -trimpath -ldflags "-s -w -buildid=" -o ./bin/vault .' \ + 'go build -trimpath -ldflags "-s -w -X github.com/hashicorp/vault/version.Version=${VAULT_REF} -buildid=" -o ./bin/vault .' \ "bin/vault:/usr/bin/vault" chmod +x $DESTDIR/usr/bin/vault -cd "$BUILDROOT" +# build gcp ops agent -# Build Google Cloud Ops Agent +cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" # Fluentbit @@ -44,7 +46,7 @@ BUILD_CMD=" LDFLAGS='-s -w -buildid=' go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ -X $IMPORT_PATH/internal/version.BuildDistro=debian13 \\ - -X $IMPORT_PATH/internal/version.Version=$OPS_AGENT_VERSION\" \\ + -X $IMPORT_PATH/internal/version.Version=$GCP_OPS_AGENT_REF\" \\ -o out/libexec/google_cloud_ops_agent_engine \\ $IMPORT_PATH/cmd/google_cloud_ops_agent_engine @@ -52,15 +54,13 @@ BUILD_CMD=" -o out/libexec/google_cloud_ops_agent_wrapper \\ $IMPORT_PATH/cmd/agent_wrapper " - make_git_package \ "google-cloud-ops-agent" \ - "$OPS_AGENT_VERSION" \ + "$GCP_OPS_AGENT_REF" \ "https://github.com/GoogleCloudPlatform/ops-agent" \ "$BUILD_CMD" \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" - sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.extra/etc/flashbots/l2.yaml b/l2/mkosi.extra/etc/flashbots/l2.yaml index 7e01f1d..bcc1a81 100644 --- a/l2/mkosi.extra/etc/flashbots/l2.yaml +++ b/l2/mkosi.extra/etc/flashbots/l2.yaml @@ -1,6 +1,8 @@ -vault: - version: 1.20.1 +gcp_ops_agent: + git_reference: 2.57.0 + +gomplate: + git_reference: v4.3.0 -deps: - gomplate_version: 4.3.0 - ops_agent_version: 2.57.0 +vault: + git_reference: v1.20.1 diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl index 5fe9779..06b89b3 100644 --- a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl @@ -10,7 +10,7 @@ vault { auto_auth { method "gcp" { - mount_path = "[[ gcp.Meta "vault_auth_mount_gcp" ]]" + mount_path = "[[ gcp.Meta "attributes/vault_auth_mount_gcp" ]]" config = { type = "gce" diff --git a/l2/mkosi.extra/usr/bin/automount-data.sh b/l2/mkosi.extra/usr/bin/automount-data.sh index 07f6cca..e91fec9 100755 --- a/l2/mkosi.extra/usr/bin/automount-data.sh +++ b/l2/mkosi.extra/usr/bin/automount-data.sh @@ -13,9 +13,10 @@ if [ -e /dev/disk/by-id/google-data ]; then mkfs.ext4 -m 0 ${device} eval $( blkid --output export ${device} ) fi - echo "UUID=${UUID} ${MOUNT:-/var/opt/peristent} ${TYPE} defaults 0 0" >> /etc/fstab - mkdir -p ${MOUNT:-/var/opt/peristent} - chmod 0777 ${MOUNT:-/var/opt/peristent} + AUTOMOUNT_PATH_DATA=${AUTOMOUNT_PATH_DATA:-/var/opt/data} + echo "UUID=${UUID} ${AUTOMOUNT_PATH_DATA} ${TYPE} defaults 0 0" >> /etc/fstab + mkdir -p "${AUTOMOUNT_PATH_DATA}" + chmod 0777 "${AUTOMOUNT_PATH_DATA}" systemctl daemon-reload mount --all else diff --git a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh old mode 100644 new mode 100755 index 80f38f9..cdd3033 --- a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh +++ b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh @@ -35,7 +35,7 @@ for line in "$( http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/${idx} ) - if is_ip4 "${ip}"; then + if is_ip4 "${ip}" > /dev/null; then route="local ${ip} dev ${interface} proto 66 scope host" if ! ip route show table local | grep -q "${route}"; then diff --git a/l2/op-rbuilder.conf b/l2/op-rbuilder.conf new file mode 100644 index 0000000..beaf74e --- /dev/null +++ b/l2/op-rbuilder.conf @@ -0,0 +1,3 @@ +[Include] +Include=l2/mkosi.conf +Include=l2/_op_rbuilder/mkosi.conf diff --git a/scripts/build_rust_package.sh b/scripts/build_rust_package.sh index eaa2858..df7ad2d 100755 --- a/scripts/build_rust_package.sh +++ b/scripts/build_rust_package.sh @@ -19,7 +19,7 @@ build_rust_package() { fi # If binary is cached, skip compilation - local cached_binary="$BUILDDIR/${package}-${version}" + local cached_binary="$BUILDDIR/${package}-${version#${package}/}/${package}" if [ -f "$cached_binary" ]; then echo "Using cached binary for $package version $version" cp "$cached_binary" "$dest_path" @@ -54,6 +54,7 @@ build_rust_package() { " # Cache and install the built binary + mkdir -p "$( dirname $cached_binary )" install -m 755 "$build_dir/target/release/$package" "$cached_binary" install -m 755 "$cached_binary" "$dest_path" } diff --git a/scripts/make_git_package.sh b/scripts/make_git_package.sh index 5771e16..a53aa47 100644 --- a/scripts/make_git_package.sh +++ b/scripts/make_git_package.sh @@ -8,10 +8,10 @@ make_git_package() { local git_url="$3" local build_cmd="$4" # All remaining arguments are artifact mappings in src:dest format - + mkdir -p "$DESTDIR/usr/bin" local cache_dir="$BUILDDIR/${package}-${version}" - + # Use cached artifacts if available if [ -n "$cache_dir" ] && [ -d "$cache_dir" ] && [ "$(ls -A "$cache_dir" 2>/dev/null)" ]; then echo "Using cached artifacts for $package version $version" @@ -19,17 +19,16 @@ make_git_package() { local src="${artifact_map%%:*}" local dest="${artifact_map#*:}" mkdir -p "$(dirname "$DESTDIR$dest")" - local cached_name="$(echo "$src" | tr '/' '_')" - if [ -d "$cache_dir/$cached_name" ]; then + if [ -d "$cache_dir/$src" ]; then mkdir -p "$DESTDIR$dest" - cp -r "$cache_dir/$cached_name"/* "$DESTDIR$dest/" + cp -r "$cache_dir/$src"/* "$DESTDIR$dest/" else - cp "$cache_dir/$cached_name" "$DESTDIR$dest" + cp "$cache_dir/$src" "$DESTDIR$dest" fi done return 0 fi - + # Build from source local build_dir="$BUILDROOT/build/$package" git clone --depth 1 --branch "$version" "$git_url" "$build_dir" @@ -48,15 +47,15 @@ make_git_package() { mkdir -p "$(dirname "$DESTDIR$dest")" cp "$build_dir/$src" "$DESTDIR$dest" fi - + # Cache artifact mkdir -p "$cache_dir" - local cached_name="$(echo "$src" | tr '/' '_')" if [ -d "$build_dir/$src" ]; then - mkdir -p "$cache_dir/$cached_name" - cp -r "$build_dir/$src"/* "$cache_dir/$cached_name/" + mkdir -p "$cache_dir/$src" + cp -r "$build_dir/$src"/* "$cache_dir/$src/" else - cp "$build_dir/$src" "$cache_dir/$cached_name" + mkdir -p "$( dirname $cache_dir/$src )" + cp "$build_dir/$src" "$cache_dir/$src" fi done -} \ No newline at end of file +} From 0b050561851d261ba08ad84cc1b7f367a6e2bd1e Mon Sep 17 00:00:00 2001 From: Melvillian Date: Thu, 13 Nov 2025 14:06:53 -0500 Subject: [PATCH 16/33] fix: fix setup_lima when run on a mac Prior to this commit, env_wrapper's 'setup_lima' command would only work for Linux because it uses the 'nproc' and 'free' shell commands, which do not exist on Mac. Now, the script detects the platform and uses the appropriate shell commands --- scripts/env_wrapper.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/scripts/env_wrapper.sh b/scripts/env_wrapper.sh index e50ec45..a892220 100755 --- a/scripts/env_wrapper.sh +++ b/scripts/env_wrapper.sh @@ -22,8 +22,25 @@ setup_lima() { exit 1 fi - LIMA_CPUS="${LIMA_CPUS:-$( nproc )}" - LIMA_MEMORY="${LIMA_MEMORY:-$( free -g | awk '/^Mem:/ {print $2-2 }' )}" + # Detect CPU count (cross-platform) + if command -v nproc &>/dev/null; then + LIMA_CPUS="${LIMA_CPUS:-$( nproc )}" + elif [[ "$OSTYPE" == "darwin"* ]]; then + LIMA_CPUS="${LIMA_CPUS:-$( sysctl -n hw.ncpu )}" + else + LIMA_CPUS="${LIMA_CPUS:-2}" # Fallback + fi + + # Detect memory (cross-platform) + if command -v free &>/dev/null; then + LIMA_MEMORY="${LIMA_MEMORY:-$( free -g | awk '/^Mem:/ {print $2-2 }' )}" + elif [[ "$OSTYPE" == "darwin"* ]]; then + # sysctl returns bytes, convert to GB and subtract 2GB + mem_gb=$(($(sysctl -n hw.memsize) / 1024 / 1024 / 1024 - 2)) + LIMA_MEMORY="${LIMA_MEMORY:-$mem_gb}" + else + LIMA_MEMORY="${LIMA_MEMORY:-4}" # Fallback + fi # Create VM if it doesn't exist if ! limactl list "$LIMA_VM" > /dev/null 2>&1; then From 37bd948c57f0af65b3a59fe3eb5da3747bda8621 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 14 Nov 2025 15:05:51 +0100 Subject: [PATCH 17/33] chore: use reth 1.9.2 + fixes --- l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml index 9d0a3f5..b35ce4f 100644 --- a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml +++ b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -5,10 +5,10 @@ node_healthchecker: git_reference: v0.1.11 op_rbuilder: - git_reference: op-rbuilder/v0.2.9 + git_reference: op-rbuilder/v0.2.10 rproxy: - git_reference: v0.0.6 + git_reference: v0.0.8 tdx_quote_provider: git_reference: tdx-quote-provider/v0.1.0 From c8a56c267ec852d63b3a944430aee8a5406f34c0 Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Fri, 14 Nov 2025 17:00:11 +0000 Subject: [PATCH 18/33] fix cmake under apple silicon --- l2/mkosi.build | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/l2/mkosi.build b/l2/mkosi.build index 2cd037b..4f3cb6b 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -35,6 +35,12 @@ chmod +x $DESTDIR/usr/bin/vault cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" + # Install cmake 3.28 to fix build issues on Apple Silicon hosts + # See https://gitlab.kitware.com/cmake/cmake/-/issues/25562 + curl -L -o cmake.sh https://cmake.org/files/v3.28/cmake-3.28.6-linux-x86_64.sh + chmod +x cmake.sh + ./cmake.sh --prefix=/usr --skip-license + # Fluentbit export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' From 8bf18518ff4d748efdb248bcdebc6fe3d4368cf7 Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Fri, 14 Nov 2025 19:12:45 +0000 Subject: [PATCH 19/33] disable saving gcp measurements to file --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 34996bc..a5982a7 100644 --- a/Makefile +++ b/Makefile @@ -96,8 +96,7 @@ measure-gcp: ## Export TDX measurements for GCP echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ exit 1; \ fi - @$(WRAPPER) bash -c "dstack-mr -uki build/tdx-debian.efi -json > build/gcp_measurements.json" - echo "GCP Measurements exported to build/gcp_measurements.json" + @$(WRAPPER) dstack-mr -uki build/tdx-debian.efi -json # Clean build artifacts clean: ## Remove cache and build artifacts From 82d871d7e4f924a0aa4db260b6f44522abd3775d Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Tue, 18 Nov 2025 21:36:31 +0900 Subject: [PATCH 20/33] Update GCP measurement tool to latest version --- flake.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 31801ca..a37e21f 100644 --- a/flake.nix +++ b/flake.nix @@ -44,10 +44,10 @@ src = pkgs.fetchFromGitHub { owner = "flashbots"; repo = "dstack-mr-gcp"; - rev = "3d718ab28599ea0c05e65d0f742fdee9fc17a5c7"; - sha256 = "sha256-KFo9wcQuG98Hi4mlMr5VS6D6/STW7jzZ9y1DyqsI820="; + rev = "aa9a276ab354dc72d0cda2b28c7a231649f96430"; + sha256 = "sha256-42cctX0MzWlHJxTcJnJvnPzgGcbf6QMEkmkZWCNdsc8="; }; - vendorHash = "sha256-MxOQSXLAbWC1SOCPzPrNcU20WElbe7eUVdCLTutSYM8="; + vendorHash = "sha256-glOyRTrIF/zP78XGV+v58a1Bec6C3Fvc5c8G3PglzPM="; }; mkosi = system: let pkgsForSystem = import nixpkgs {inherit system;}; From 0254a5a217b1c82bb41cb081542667451c963fee Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Tue, 18 Nov 2025 21:45:57 +0900 Subject: [PATCH 21/33] Switch to official fluent-bit build --- l2/mkosi.build | 16 +++------------- l2/mkosi.conf | 2 ++ l2/mkosi.sync | 5 +++++ 3 files changed, 10 insertions(+), 13 deletions(-) create mode 100755 l2/mkosi.sync diff --git a/l2/mkosi.build b/l2/mkosi.build index 4f3cb6b..d6cd6d2 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -35,18 +35,6 @@ chmod +x $DESTDIR/usr/bin/vault cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" - # Install cmake 3.28 to fix build issues on Apple Silicon hosts - # See https://gitlab.kitware.com/cmake/cmake/-/issues/25562 - curl -L -o cmake.sh https://cmake.org/files/v3.28/cmake-3.28.6-linux-x86_64.sh - chmod +x cmake.sh - ./cmake.sh --prefix=/usr --skip-license - - # Fluentbit - export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH - export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' - git submodule update --init --depth 1 submodules/fluent-bit - ./builds/fluent_bit.sh \$(pwd)/out - # Main gcs agent binaries mkdir -p out/libexec LDFLAGS='-s -w -buildid=' @@ -66,7 +54,9 @@ make_git_package \ "https://github.com/GoogleCloudPlatform/ops-agent" \ "$BUILD_CMD" \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ - "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" + +mkdir -p "$DESTDIR/opt/google-cloud-ops-agent/subagents" +ln -s /opt/fluent-bit/bin/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf index 0a9ca2b..c16074f 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -12,11 +12,13 @@ WithNetwork=true BuildScripts=l2/mkosi.build ExtraTrees=l2/mkosi.extra PostInstallationScripts=l2/mkosi.postinst +SyncScripts=l2/mkosi.sync Packages=prometheus-node-exporter prometheus-process-exporter usrmerge xfsprogs + fluent-bit BuildPackages=golang libssl-dev diff --git a/l2/mkosi.sync b/l2/mkosi.sync new file mode 100755 index 0000000..0cb9031 --- /dev/null +++ b/l2/mkosi.sync @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ ! -f "$SRCDIR/mkosi.packages/fluent-bit.deb" ]; then + curl -sSfL https://packages.fluentbit.io/debian/bookworm/fluent-bit_3.1.6_amd64.deb -o "$SRCDIR/mkosi.packages/fluent-bit.deb" +fi From 8fe02a347da90c993ec4e3f67035e244dd275cb7 Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Tue, 18 Nov 2025 21:54:31 +0900 Subject: [PATCH 22/33] Fix gcp measurement cmdline --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a5982a7..877f208 100644 --- a/Makefile +++ b/Makefile @@ -96,7 +96,7 @@ measure-gcp: ## Export TDX measurements for GCP echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ exit 1; \ fi - @$(WRAPPER) dstack-mr -uki build/tdx-debian.efi -json + @$(WRAPPER) dstack-mr -uki build/tdx-debian.efi # Clean build artifacts clean: ## Remove cache and build artifacts From 4de008edaca5d937e9fda5d9271ef705d99b837b Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Wed, 19 Nov 2025 08:50:52 +0900 Subject: [PATCH 23/33] Pin Debian archive --- l2/op-rbuilder.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/l2/op-rbuilder.conf b/l2/op-rbuilder.conf index beaf74e..604cc15 100644 --- a/l2/op-rbuilder.conf +++ b/l2/op-rbuilder.conf @@ -1,3 +1,10 @@ [Include] Include=l2/mkosi.conf Include=l2/_op_rbuilder/mkosi.conf + +[Distribution] +Mirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ + +[Build] +ToolsTreeMirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ + From 29504ab495393856ffcac47e0a9be00c3947baaa Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Wed, 19 Nov 2025 13:24:51 +0900 Subject: [PATCH 24/33] Update measurement code again --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index a37e21f..c25d978 100644 --- a/flake.nix +++ b/flake.nix @@ -44,8 +44,8 @@ src = pkgs.fetchFromGitHub { owner = "flashbots"; repo = "dstack-mr-gcp"; - rev = "aa9a276ab354dc72d0cda2b28c7a231649f96430"; - sha256 = "sha256-42cctX0MzWlHJxTcJnJvnPzgGcbf6QMEkmkZWCNdsc8="; + rev = "a4cd4e4cb79c35d819cd89c041fd0ea68560699c"; + sha256 = "sha256-GfnilxqKqfe22Gjo4T0rXYSp7AvnEWOUpUj5FgoauDE="; }; vendorHash = "sha256-glOyRTrIF/zP78XGV+v58a1Bec6C3Fvc5c8G3PglzPM="; }; From 119c18a11ed558f105be7baf95c484473dbe3676 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 20 Nov 2025 09:14:25 +0100 Subject: [PATCH 25/33] chore: tidy-up (move snippets around to the right places) --- l2/mkosi.build | 1 - l2/mkosi.conf | 6 +++++- l2/op-rbuilder.conf | 7 ------- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/l2/mkosi.build b/l2/mkosi.build index d6cd6d2..13d85e2 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -56,7 +56,6 @@ make_git_package \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" - mkdir -p "$DESTDIR/opt/google-cloud-ops-agent/subagents" ln -s /opt/fluent-bit/bin/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf index c16074f..bcd2b6f 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -1,11 +1,15 @@ [Include] Include=base/mkosi.conf +[Distribution] +Mirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ + [Config] Profiles=gcp [Build] Environment=KERNEL_CONFIG_SNIPPETS_L2=kernel/snippets/ubuntu.config,l2/kernel.config +ToolsTreeMirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ WithNetwork=true [Content] @@ -15,10 +19,10 @@ PostInstallationScripts=l2/mkosi.postinst SyncScripts=l2/mkosi.sync Packages=prometheus-node-exporter + fluent-bit prometheus-process-exporter usrmerge xfsprogs - fluent-bit BuildPackages=golang libssl-dev diff --git a/l2/op-rbuilder.conf b/l2/op-rbuilder.conf index 604cc15..beaf74e 100644 --- a/l2/op-rbuilder.conf +++ b/l2/op-rbuilder.conf @@ -1,10 +1,3 @@ [Include] Include=l2/mkosi.conf Include=l2/_op_rbuilder/mkosi.conf - -[Distribution] -Mirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ - -[Build] -ToolsTreeMirror=https://snapshot.debian.org/archive/debian/20251030T205030Z/ - From 76a69d3186cd2b72dc92359d9b3bf07154300b75 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 20 Nov 2025 09:25:26 +0100 Subject: [PATCH 26/33] chore: drop unused code --- l2-builder.conf | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 l2-builder.conf diff --git a/l2-builder.conf b/l2-builder.conf deleted file mode 100644 index c6d33f3..0000000 --- a/l2-builder.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Include] -Include=base/mkosi.conf -Include=l2/l2-builder.conf - -[Config] -Profiles=gcp From e7954c7dc7df97c15555e500f592a6aed3bacfe3 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 20 Nov 2025 09:30:59 +0100 Subject: [PATCH 27/33] fix: bail out if curl is not installed --- mkosi.profiles/gcp/mkosi.conf | 1 + mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/mkosi.profiles/gcp/mkosi.conf b/mkosi.profiles/gcp/mkosi.conf index ce03a5a..79d1219 100644 --- a/mkosi.profiles/gcp/mkosi.conf +++ b/mkosi.profiles/gcp/mkosi.conf @@ -5,6 +5,7 @@ Environment=KERNEL_CONFIG_SNIPPETS_GCP=mkosi.profiles/gcp/kernel.config ExtraTrees=mkosi.extra Packages=chrony + curl dbus logrotate nvme-cli diff --git a/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh index 697dd41..d92061f 100755 --- a/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh +++ b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh @@ -1,5 +1,10 @@ #!/bin/bash +if ! which curl; then + echo "curl is not present on system, exiting..." + exit 0 +fi + while true; do if hostname=$( curl --header "Metadata-Flavor: Google" --silent --show-error \ @@ -10,6 +15,8 @@ while true; do echo 127.0.0.1 "${hostname}" >> /etc/hosts systemctl restart rsyslog exit 0 + else + echo "Failed to query metadata service, will retry in 1s" fi sleep 1 From 26bff23deb1065fe1fc58d1b3b08b244be1daaea Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 20 Nov 2025 09:45:07 +0100 Subject: [PATCH 28/33] fix: downgrade to 1.8.4 op-reth --- l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml index b35ce4f..dd519a3 100644 --- a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml +++ b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -5,7 +5,7 @@ node_healthchecker: git_reference: v0.1.11 op_rbuilder: - git_reference: op-rbuilder/v0.2.10 + git_reference: op-rbuilder/v0.2.13-reth-downgrade rproxy: git_reference: v0.0.8 From cf2f4b26fffd5352855571036024d489fd8f7980 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 20 Nov 2025 13:42:43 +0100 Subject: [PATCH 29/33] fix: revert away from official fluent-bit build --- l2/mkosi.build | 17 ++++++++++++++--- l2/mkosi.conf | 2 -- l2/mkosi.sync | 5 ----- 3 files changed, 14 insertions(+), 10 deletions(-) delete mode 100755 l2/mkosi.sync diff --git a/l2/mkosi.build b/l2/mkosi.build index 13d85e2..1c5fa77 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -35,7 +35,19 @@ chmod +x $DESTDIR/usr/bin/vault cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" - # Main gcs agent binaries + # Install cmake 3.28 to fix build issues on Apple Silicon hosts + # See https://gitlab.kitware.com/cmake/cmake/-/issues/25562 + curl -L -o cmake.sh https://cmake.org/files/v3.28/cmake-3.28.6-linux-x86_64.sh + chmod +x cmake.sh + ./cmake.sh --prefix=/usr --skip-license + + # Fluentbit + export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH + export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' + git submodule update --init --depth 1 submodules/fluent-bit + ./builds/fluent_bit.sh \$(pwd)/out + + # Main gcp ops agent binaries mkdir -p out/libexec LDFLAGS='-s -w -buildid=' go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ @@ -54,8 +66,7 @@ make_git_package \ "https://github.com/GoogleCloudPlatform/ops-agent" \ "$BUILD_CMD" \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ + "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" -mkdir -p "$DESTDIR/opt/google-cloud-ops-agent/subagents" -ln -s /opt/fluent-bit/bin/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf index bcd2b6f..196f561 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -16,10 +16,8 @@ WithNetwork=true BuildScripts=l2/mkosi.build ExtraTrees=l2/mkosi.extra PostInstallationScripts=l2/mkosi.postinst -SyncScripts=l2/mkosi.sync Packages=prometheus-node-exporter - fluent-bit prometheus-process-exporter usrmerge xfsprogs diff --git a/l2/mkosi.sync b/l2/mkosi.sync deleted file mode 100755 index 0cb9031..0000000 --- a/l2/mkosi.sync +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -if [ ! -f "$SRCDIR/mkosi.packages/fluent-bit.deb" ]; then - curl -sSfL https://packages.fluentbit.io/debian/bookworm/fluent-bit_3.1.6_amd64.deb -o "$SRCDIR/mkosi.packages/fluent-bit.deb" -fi From b4cde36d0bc7fd42d3c0ec2a64a79fcacc41eada Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Thu, 20 Nov 2025 22:27:19 +0900 Subject: [PATCH 30/33] Revert "fix: revert away from official fluent-bit build" This reverts commit cf2f4b26fffd5352855571036024d489fd8f7980. (cherry picked from commit 99411464c04191c23f3c1ffcc59f46f2417174c6) --- l2/mkosi.build | 17 +++-------------- l2/mkosi.conf | 2 ++ l2/mkosi.sync | 5 +++++ 3 files changed, 10 insertions(+), 14 deletions(-) create mode 100755 l2/mkosi.sync diff --git a/l2/mkosi.build b/l2/mkosi.build index 1c5fa77..13d85e2 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -35,19 +35,7 @@ chmod +x $DESTDIR/usr/bin/vault cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" - # Install cmake 3.28 to fix build issues on Apple Silicon hosts - # See https://gitlab.kitware.com/cmake/cmake/-/issues/25562 - curl -L -o cmake.sh https://cmake.org/files/v3.28/cmake-3.28.6-linux-x86_64.sh - chmod +x cmake.sh - ./cmake.sh --prefix=/usr --skip-license - - # Fluentbit - export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH - export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' - git submodule update --init --depth 1 submodules/fluent-bit - ./builds/fluent_bit.sh \$(pwd)/out - - # Main gcp ops agent binaries + # Main gcs agent binaries mkdir -p out/libexec LDFLAGS='-s -w -buildid=' go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ @@ -66,7 +54,8 @@ make_git_package \ "https://github.com/GoogleCloudPlatform/ops-agent" \ "$BUILD_CMD" \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ - "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" +mkdir -p "$DESTDIR/opt/google-cloud-ops-agent/subagents" +ln -s /opt/fluent-bit/bin/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf index 196f561..bcd2b6f 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -16,8 +16,10 @@ WithNetwork=true BuildScripts=l2/mkosi.build ExtraTrees=l2/mkosi.extra PostInstallationScripts=l2/mkosi.postinst +SyncScripts=l2/mkosi.sync Packages=prometheus-node-exporter + fluent-bit prometheus-process-exporter usrmerge xfsprogs diff --git a/l2/mkosi.sync b/l2/mkosi.sync new file mode 100755 index 0000000..0cb9031 --- /dev/null +++ b/l2/mkosi.sync @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ ! -f "$SRCDIR/mkosi.packages/fluent-bit.deb" ]; then + curl -sSfL https://packages.fluentbit.io/debian/bookworm/fluent-bit_3.1.6_amd64.deb -o "$SRCDIR/mkosi.packages/fluent-bit.deb" +fi From 2f1891cf6fa78a4ee2fdbeb590a9a42f76ab4cfc Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Thu, 20 Nov 2025 22:27:53 +0900 Subject: [PATCH 31/33] Fix fluent bit (cherry picked from commit ea20da4bad4490c2847e830dee4634c35ebb13a3) --- l2/mkosi.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/l2/mkosi.build b/l2/mkosi.build index 13d85e2..6d397dc 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -57,5 +57,5 @@ make_git_package \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" mkdir -p "$DESTDIR/opt/google-cloud-ops-agent/subagents" -ln -s /opt/fluent-bit/bin/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" +ln -s /opt/fluent-bit "$DESTDIR/opt/google-cloud-ops-agent/subagents/fluent-bit" sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service From 3282d7ecadacd208c5260f83d40fe711aed8b1b3 Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Fri, 21 Nov 2025 11:43:21 +0900 Subject: [PATCH 32/33] Normalize UID and GID entries --- base/debloat.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/base/debloat.sh b/base/debloat.sh index 1906010..f995a28 100755 --- a/base/debloat.sh +++ b/base/debloat.sh @@ -1,6 +1,11 @@ #!/bin/bash set -euo pipefail +# Ensure deterministic ordering of uid and gids before debloating +# See Debian issue #963788 +mkosi-chroot pwck --sort >/dev/null +mkosi-chroot grpck --sort >/dev/null + # Remove all logs and cache, but keep directory structure intact find "$BUILDROOT/var/log" -type f -delete find "$BUILDROOT/var/cache" -type f -delete @@ -34,6 +39,7 @@ debloat_paths=( "/usr/lib/systemd/network" "/usr/lib/pcrlock.d" "/usr/lib/tmpfiles.d" + "/var/lib/ucf" "/etc/systemd/network" "/etc/credstore" "/nix" From cd4c2d3d4c73ac23f7cee9da8daf9d9fb793cee1 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 21 Nov 2025 11:50:26 +0100 Subject: [PATCH 33/33] chore: tidy-up --- l2/mkosi.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/l2/mkosi.conf b/l2/mkosi.conf index bcd2b6f..350f139 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -18,8 +18,8 @@ ExtraTrees=l2/mkosi.extra PostInstallationScripts=l2/mkosi.postinst SyncScripts=l2/mkosi.sync -Packages=prometheus-node-exporter - fluent-bit +Packages=fluent-bit + prometheus-node-exporter prometheus-process-exporter usrmerge xfsprogs